Save Your Identity: ID Theft Awareness, Prevention, and Recovery 1581604459, 9781581604450

Get the lowdown on ID theft: the tricks of the ID thief's trade, your risk factor, 10 ways to minimize your risk ri

215 14 9MB

English Pages 204 Year 2004

Report DMCA / Copyright

DOWNLOAD PDF FILE

Recommend Papers

Save Your Identity: ID Theft Awareness, Prevention, and Recovery
 1581604459, 9781581604450

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

ID THEFT AWARENESS, PREVENTION, AND

Digitized by the Internet Archive in 2022 with funding from Kahle/Austin Foundation

https://archive.org/details/saveyouridentityOO00ches

ID THEFT AWARENESS, PREVENTION, AND RECOVERY

A

U O IDENTI

T

MICHAEL CHESBRO

PALADIN PRESS ¢ BOULDER, COLORADO

Save Your Identity: ID Theft Awareness, Prevention, and Recovery by Michael Chesbro

Copyright © 2004 by Michael Chesbro ISBN 1-58160-445-9 Printed in the United States of America

Published by Paladin Press, a division of Paladin Enterprises, Inc. Gunbarrel Tech Center 7077 Winchester Circle Boulder, Colorado 80301 USA +1.303.443.7250 Direct inquiries and/or orders to the above address. PALADIN, PALADIN PRESS, and the “horse head” design are trademarks belonging to Paladin Enterprises and registered in United States Patent and Trademark Office. All rights reserved. Except for use in a review, no portion of this book may be reproduced in any form without the express written permission of the publisher. Neither the author nor the publisher assumes any responsibility for the use or misuse of information contained in this book.

Visit our Web site at www.paladin-press.com

Table of Contents

Introduction - 1

1 Minimizing Your Risk - 15 2 factors Contributing to Identity Theft - 19 3 Credit Bureaus, Private Investigators, and Information Brokers - 57

4 Take Control of How Your Private Financial Information Is Stored and Used - 69 5 Safeguard Your ficcounts - 81 6 Businesses and Identity Theft - 99

Save Your Identity

¢. Identity Theft Prevention Quiz - 105 8 You’ve Been Victimized—What Now? - 109

Q Know the Law - 123 APPENDIX 1 Identity Theft Affidavit - 153

APPENDIX 2 The Fair Debt Collection Practices Act - 167 APPENDIX 3 Identity Theft Information Resources Online - 189

Introduction

We

have

all likely heard

the

term “identity theft,” but just what is

identity theft? How does someone steal your identity? Is identity theft really a problem? What can you do to protect yourself against it? If you become the victim of an identity thief, what can you do to mitigate

the damage and recover your losses? This book will answer these questions. It will discuss things you can do now to help prevent becoming a victim of identity theft, and it will explain the steps you must take if you find that you have become a victim of identity theft, in order to mitigate the damage and recover from the crime. In simple terms, identity theft is the appropriation of your personal identification information (i.e., name, date of birth, Social Security

Save Your Identity

number)

by someone

other than you for criminal purposes.

Federal law (18 U.S.C. Section 1028) defines an identity thief as

someone who “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.’ An identity thief uses your personal information and pretends to be you. He may obtain a credit card, open a checking

account, obtain cellular

telephone service, or apply for a loan in your name. Given time, an identity thief may obtain government identification (e.g., driver’s license or passport) in your name and even receive government services and benefits for which you may be held accountable. Every crime the identity thief commits using your identification points back to you. When he obtains a credit card in your name and runs up charges that he never pays, this is reflected on your credit report. When he opens a checking account in your name and writes thousands of dollars in checks, all of which bounce, the bank and the bill collectors will be look-

ing for you. When he obtains a driver’s license in your name and thereafter fails to pay some traffic ticket, it will be your name on the bench warrant issued by a judge. All of these things and more can happen to you if you become the victim of identity theft. But just how likely is it that you will become a victim of this crime?

IS IT REALLY THAT BIG OF A PROBLEM? Identity theft is a growing crime that is approaching epidemic proportions in the United States. In 2001 identity theft was the most common complaint filed with the Federal Trade Commission (FTC), comprising 42 percent of all complaints filed. In approximately 1,300 of the reported cases, the victims of identity theft were subjected to criminal investigation, arrest, and even conviction for crimes committed by the identity thief

Introduction

using the victim’s identity. The inspector general of the Social Security AdministratiJames on, Huse Jr., has labeled identity theft a “national crisis.” In 1992, the credit reporting agency TransUnion received about 35,000 calls from victims of identity theft and those concerned about this crime. In 2001, it received

more than 1 million such calls. In a lecture given on December 7, 2000, Jim Kerins, president of the National Fraud Center (NFC), a division of the Lexis-Nexis Risk Solutions Group, stated,

“Identity theft continues to grow in the virtual environment of ecommerce. In this setting, fraud and risk losses have increased substantially, to more than $1 billion.” James E. Bauer, deputy assistant director of the Office of Investigations, U.S. Secret Service, has stated, “Identity takeover fraud has come into its own and promises not to go away until significant changes evolve in the manner and methods by which personal identifiers are collected and used.” Identity theft is not some infrequently occurring crime that we can afford to ignore, nor is it something that just happens to someone else. According to the technology research organization The Gartner Group, there is likely to be “mass victimization” by identity thieves. CBS News.com, reporting on identity theft on January 29, 2001, warned, “This year alone more than 500,000 Americans will be robbed of their identities ... with more than $4 billion stolen in their names.” According to a study conducted by The Gartner Group, “An Internet survey of more than 1,000 adult U.S. online consumers

conducted in January 2002 showed that 5.2 percent of respondents were victimized by credit card fraud in 2001 and 1.9 percent were victimized by identity theft (although respondents do not know whether the theft occurred online or offline).”

By May 2003 identity theft made the Top-10 list of security threats facing U.S. businesses, according to the Pinkerton Consulting and Investigations 10th Annual Survey of Fortune 1000 Corporate Security Professionals. In May 2002 the Privacy Rights Clearinghouse released the

Save Your Identity

results of its survey of identity theft victims.The survey revealed that the average victim spends 175 hours and more than $800 to resolve problems caused by identity theft and that it can take between two and four years to get these problems cleared up. It is important to recognize that 175 hours is more than a month of full-time work, figuring a 40-hour workweek. The $800 is not reimbursed; it comes out of your pocket and is gone—the monetary price you pay to clear up the effects of being a victim of identity theft. Furthermore there is a two- to four-year period during which you have errors in your credit reports; bill collectors are calling you; you have problems receiving credit, applying for a loan, and mortgaging a home; and you may be defending yourself against various criminal and civil charges. Identity theft can go on for months or even years before you

become aware that you are a victim. When an identity thief is running up debt in your name, you may not be aware of it until you apply for some type of credit yourself. Perhaps you decide it’s time to buy that new car or dream home, and the price is well within what you can afford. Maybe your kid is ready to begin his or her first year of college. So you go to your bank and apply for a loan. You know that you’ve always paid your bills on time and that you’ve used credit responsibly for several years, so you’re expecting quick approval of your loan application. It comes as quite a shock when your loan application is turned down cold. Denied! Your credit reports show thousands of dollars in bad debt, massive late payments, or simply no payments at all with accounts being closed and sent to collection agencies. You’re the

victim of an identity thief.There will be no new car this year.That dream home will go to someone else since you can’t get financing, and your child will be flipping burgers at the local fast food restaurant because you can’t get a loan to cover college tuition this year. Finally, consider

Senate

the findings

Bill $223—The

of Congress

Identity Theft

Congress, Ist Session, 28 January 2003):

as presented

in

Prevention Act (108th

Introduction

Congress finds that—

dd)

the crime of identity theft has become one of the major law enforcement challenges of the new economy, as vast quantities of sensitive, personal information are now vulnerable to criminal interception and misuse;

(2)

(3)

(4) 6)

in November 2002, Americans were alerted to the dangers of identity theft when Federal prosecutors announced that 3 individuals had allegedly sold the credit and personal information of 30,000 people, the largest single identity theft case in United States history; hundreds of thousands of Americans are victims of identity theft each year, resulting in an annual cost to industry of more than $3,500,000,000. several indicators reveal that despite increased public awareness of the crime, the number of incidents of identity theft continues to rise; in December 2001, the Federal Trade Commission received an average of more than 3,000 identity theft calls per week,

a 700

percent

increase

since

the

Identity Theft

Clearinghouse began operation in November

Data

1999;

(6)

allegations of Social Security number fraud increased by

©)

65,000; a national credit reporting agency reported that consumer requests for fraud alerts increased by 53 percent during fis-

500

percent

between

1998

and

2001,

from

11,000

to

cal year 2001;

(8) identity theft violates the privacy of American citizens and ruins their good names; (9) victims of identity theft may suffer restricted access to credit and diminished employment opportunities, and may spend years repairing the damage to credit histories caused by identity theft; (10) businesses and government agencies that handle sensitive personal information of consumers have a responsibility to protect this information from identity thieves; and

Save Your Identity

(11) the private sector can better protect consumers by implementing effective fraud alerts, affording greater consumer access to credit reports, truncating of credit card numbers, and establishing other prevention measures. The foregoing information and much more like it, which can

easily be discovered through an online or library search, should convince even the most skeptical person that Americans face a very serious and growing problem in the crime of identity theft. Once you concede that identity theft is a serious problem, you will want to take steps to prevent yourself from becoming a victim. In order to do this, you need to understand just how someone goes about stealing your identity.

HOW DOES SOMEONE STEAL YOUR IDENTITY? To steal your identity, an identity thief must know something about you. Unfortunately, he does not need to know a great deal. Just a few key pieces of information are all he needs. With nothing more than your name, date of birth, current address, and the key to identity theft—your Social Security number—a criminal can assume your identity. Once a criminal is able to gather some basic information about you, he uses this information to convince others that he is

you—that is, he steals your identity. This something as simple as stealing your checks to make purchases at local stores your identity over a period of months

can run the gamut from checkbook and forging to completely assuming or years. In either case,

however, in order to be successful the identity thief must know enough about you to convince someone else that he is in fact you. Unfortunately, this isn’t all that difficult.

When you choose to disclose certain personal information to a business for a particular purpose (such as opening an account),

too often you disclose the exact information needed by an identity thief, with little thought for the risk you assume every time

Introduction

you do so. Furthermore, adding insult to injury, the business often turns around and sells your personal and private information to other companies as part of its marketing scheme. If you have established credit, a bit of money in savings, and perhaps some investments, it is easy to understand why an identity thief would target you as his next victim. He wants to steal your cash and make a fast getaway. On the other hand, it may be that you don’t have any investments, no real savings, and haven’t established much credit. Does this mean that you are safe? Will an identity thief ignore you because you have nothing he can steal immediately? Unfortunately, the answer to this question is a definite NO! You are also a potential target.An identity thief may take over your identity on a long-term basis and—because you are not actively using credit, are not maintaining a bank account, and the like—do a great deal of damage acting in your name before you ever become aware of the crime. An identity thief will target anyone about whom he can discover sufficient personal information to make his crime successful.To protect yourself from the crime of identity theft, it is essential that you maintain your personal privacy. An identity thief will be hard-pressed to steal your identity if he can discover no personal information about you. Protect your personal information, and you will not become one of the hundreds of thousands of victims of identity theft every year. As we continue to look at this crime, we will divide it into two overlapping categories: short-term identity theft and longterm identity theft.

Short-Term Identity Theft The short-term identity thief is after a quick score. He wants to grab as much of your money as he can in the shortest possible time and then move on to his next victim. The short-term identity thief will take over a portion of your identity, run up bills in your name, and then disappear. An example of a short-term identity thief is the criminal who

Save Your Identity

steals your wallet. He of course takes whatever cash you have, but he is also now in possession of your credit card(s) and identification. Using your credit cards, he quickly purchases several items that can easily be pawned or sold. He uses your credit cards until they are denied—because you have reported them stolen, or because he has run the credit limit to the maximum on them. Either way, as soon as one of your credit cards is denied,

the thief simply abandons it. An identity thief may also take over your checking account by stealing your checkbook and identification. Many businesses will accept personal checks as payment for their products or services. Some businesses will even cash checks for individuals who are not making a purchase.There are “check cashing” companies that make a business out of cashing checks, taking a percentage of the check as the fee for cashing it. It takes little effort to find one of these check-cashing services, and not much more to find one that requires little in the way of identification in order to cash a check. In fact, I have frequently seen these companies advertising “Checks Cashed Here—No ID Needed.” Even in cases where identification is required as a condition of cashing a check or making a purchase with a personal check, the ID check is often more of a formality than a function of secu-

rity. If the name on the check matches the name on the ID presented, this is usually sufficient. There is usually little effort made to ensure that the ID matches the person presenting it or that it is not a forgery. While

researching

this book,

I accompanied

a friend to a

local shopping mall where he planned to make a few purchases. He had his personal checkbook and driver’s license for identification. After finding the items he intended to purchase, he gave me his checkbook and driver’s license, and I took his items to the

checkout, where I attempted to make the purchase using his personal checks and ID. We tried this in three separate stores. In the two stores where I was actually asked for ID, I filled out the check and handed it to the cashier along with my friend’s dri-

Introduction

ver’s license. In both cases the cashier looked at the driver’s license and appeared to compare the information on the driver’s license with that on the check.The cashier then returned the driver’s license to me and thanked me for shopping at the store, and I was on my way with the purchases. In the third store, the cashier accepted my (friend’s) check without even asking for any type of ID. In each of these cases, had I been a thief Iwould have successfully made purchases, each totaling more than $50, with

forged checks. It should be noted that, aside from being of the same basic age and build, I do not bear a close resemblance to my friend. Nor am I a skilled forger who was able to match my friend’s signature from his driver’s license when I signed his checks. I simply signed his name—the signatures did not really match. You may be wondering why I was able to make purchases so easily using someone else’s checking account and identification. The answer is simply customer service. Retail service personnel, salesmen, cashiers, and the like are trying to make sales and

encourage repeat business. They are not security experts, and they generally are not considering the possibility of fraud during a transaction. While making these purchases I was neatly dressed. I was courteous to the cashier and made the usual small talk while my purchases were being totaled and while I wrote out the check to pay for them. In the first two instances the name and address on the driver’s license I presented matched the name and address on the check I had just written. Even if these cashiers noticed some discrepancy, neither mentioned it. No cashier wants to accuse someone of presenting a forged check and take a chance on being wrong. It’s safe to assume that sooner or later an identity thief attempting to pass forged checks will run into a cashier who will call attention to a discrepancy or refuse to accept a check. However, this is usually not much of a problem for the identity thief. He simply gathers his forged check and stolen ID and

Save Your Identity

leaves the store. The retail clerk has prevented the identity thief from making this one purchase, but there is almost no chance of this clerk notifying the police and having them look into possible check forgery or identity theft. Having refused to accept the forged check, the clerk/business has avoided being victimized, and thus the police—even if they were to be called, which is unlikely—probably will not do much. This same type of misuse can be seen with credit cards.As long as the credit card successfully processes, it is rare for any merchant to question the transaction. It is so common for people to loan their credit cards to others (husbands/wives, boyfriends/girlfriends, parents/children) that if a customer has a credit card in other than his own name it is no longer a clear indicator of misuse. Furthermore, credit card users too often fail to sign their cards, or they write some ridiculous statement, like “See ID” in

place of their signature. As a result, retail clerks do not tend to compare signatures on the credit card and charge slip as part of the transaction. When it comes to short-term identity theft, the identity thief

will usually take over accounts that you have legitimately established (e.g., credit cards, checking accounts) and use them (pre-

tending to be you) until he has depleted all available funds or is denied access because you have closed the accounts. Short-term identity theft is a serious problem, but the damage is usually limited to loss of funds and disruption of specific accounts. While the effects of short-term identity theft can be disruptive, long-term identity theft can be disastrous.

Long-Term Identity Theft The long-term identity thief can take over your identity, posing as you for months or even years. He is looking for more than just a quick “score” and a little fast cash. He is using your identity to hide his own and will take actions in your name, such as obtaining credit cards, establishing accounts, and per-

Introduction haps even making major purchases, such as an automobile. When he defaults on these debts, not only is your credit rating destroyed and your reputation ruined, but you can also be arrested and jailed! One of the major differences is that while the short-term identity thief is taking over accounts you have established, the long-

term identity thief is establishing new accounts in your name. There are several reasons that an identity thief might take over your identity on a long-term basis. The first, of course, is the same as that of the short-term identity thief—he is trying to rip you off. The identity thief wants to steal your money (or steal money in your name), and he has a plan to do it. In this case, however, he is willing to invest some extra time and effort for a “bigger score” A Jong-term identity thief may also choose to take over your identity in an effort to cover his own tracks—to hide his true identity behind yours. You need not be anybody special to qualify. In fact, the more

mundane, run-of-the-mill

life you lead, the

more attractive you are to this type of identity thief. He will almost certainly run up bills in your name and then skip out on the unpaid debts, but in the interim he is looking to live his life as someone else—and that someone is you. Having learned some basic information about you and haying obtained your Social Security number (the key to identity theft), he will begin to gather identifying documents in your name for the purpose of establishing new accounts. Let’s see how this might work. First, the identity thief needs to gain some form of basic ID in your name. This need not be anything too complicated, just something that can be flashed for those unofficial requests for ID.As we will see elsewhere in this book, there are places where one can purchase a convincing “novelty ID’ for very little money. If our identity thief has a computer and good printer, he can even produce an acceptable ID at home with a little time and effort. Having this basic ID in hand, our identity thief begins to

Save Your Identity

acquire additional documentation and services in your name. He might set up cellular telephone service, for instance, filling out the application using your identifying information and giving your Social Security number. The cellular company may run a credit check before establishing the account, but since the identity thief has provided your information (assuming you are not a total deadbeat), the account is going to be approved. The identity thief might also set up an account with the local video rental store. Not much

effort is required

here, and the

video rental card gives him a secondary piece of ID in your name. How about a “preferred shopper” card from one of the major grocery stores? The idea is to gather all those pieces of secondary identification and other clutter that you have in your wallet or purse. As the identity thief continues to take over your identity, he will need a place to receive mail in your name. Establishing a mailing address is not an overwhelming problem for the identity thief by any means. One very simple way is to place a mailbox in line with others along a rural route or country road. Once the identity thief has set up his new box, the postal carrier will leave some forms for him to complete but may never actually see any house associated with the box. He or she is not going to search all of the twists and turns of backcountry roads to locate the house associated with a mailbox alongside the road. Once this “mailbox

address” is established, it appears, for all intents and

purposes, to be just another home along the rural delivery route, and the mail carrier will begin delivering mail to it. Once he has established a mailing address, he can begin to set up even more accounts in your name. Department store credit cards, check cashing cards, fuel cards, calling cards—all can be

obtained with no more than a basic ID and maybe a quick credit check. Remember, the identity thief has your Social Security number, so these checks are run using your name and approval is granted based on your credit rating. With a mailing address, a basic ID in your name, and maybe a

Introduction

couple of department store credit cards in hand, the identity thief goes to the bank and opens a checking account. Now, the bank

will almost certainly conduct a couple of basic checks when opening the account, but since these are being conducted in your name, and since the identity thief is putting money in the bank, he will have very little problem getting the account established. The ease with which an identity thief can steal your identity is based upon only a couple of factors. First, people tend to believe what they see and hear unless given a specific reason to question it. If someone introduces himself as John Smith, you will recognize that person as being John Smith. When someone writes a check in the name of Sally Smith and shows you an ID card in the name of Sally Smith, you will likely believe that Sally is the one making payment with the check in question. Secondly, when basic credit checks are conducted, they tend to be keyed to a single identifying factor—the Social Security number. Such checks provide almost no security and almost always create an avenue by which an identity thief can gain access to your private records. This is why the Social Security number has rightly been called the key to identity theft. So because the identity thief has gained access to your Social Security number, and because people tend to believe what they see and hear, he has been able to establish accounts and services

in your name with little effort. Now he can continue to live his life under your name, and, assuming that he doesn’t simply run up the accounts he has established to their maximum and skip town, you won't even be aware of it. As far as the creditors are concerned, he is you—and if he is paying the bills on time, they think you are paying the bills on time. So why would an identity thief open accounts in your name and bother to pay the bills? Well, small accounts with low credit limits can lead to large accounts with high credit limits. Additionally, the identity thief may be using your identity to shield his true identity while he commits other types of crimes. It is certainly safe to presume, however, that there will come

Save Your Identity a time when the identity thief will be ready to abandon your identity. This may be because he has maxed out all the creuiit cards he has obtained in your name, overdrawn any accounts he has established in your name, and finds that the services he has obtained in your name are being canceled for failure to pay. It may be that he finds the law looking for him (vou?) and decides that your identity is no longer profitable. So he abandons your identity, leaving your credit in ruins, your good name sullied, and a number of bill collectors and maybe the police looking for you. If this sounds extreme, remember that nearly | million peo ple become the victims of identity theft every year. It has happened to them, and it can happen to you. But there are steps you -an take to minimize the likelihood of becoming a victim—or mitigate the damage if you do.

Minimizing Your Risk

It is important

to

remember

that identity theft is a crime, and, as with any crime, there are steps you

can take to minimize your risk of becoming a victim. Everything you do to make it more difficult for a criminal to target you increases the likelihood that he will move on to someone who is less aware and less prepared. Just as you take precautions—such as locking the doors to your home—to protect yourself from burglars, you need to take precautions to protect yourself from identity thieves. The first step in protecting yourself from identity theft is awareness. You must realize that this

crime

exists,

that

it is an

increasing threat, and that you may become a victim if you don’t take

Save Your Identity

precautions against it. Since you are reading this book, we can assume that you already have an awareness of this threat, or at least you will once you finish reading it.The next step is to do those things that minimize the threat. Finally, should you be targeted by an identity thief despite those efforts, you can take action to mitigate the damage. The essential element of identity theft prevention is maintaining your personal privacy. An identity thief cannot steal your identity if he can’t discover certain basic information about you. If you make a habit of protecting your personal privacy, of not disclosing information about yourself, and of putting blocks in the way of others attempting to gather information about you, you can protect yourself from the crime of identity theft.

IDENTITY THEFT PREVENTION TOP 10 LIST There are many things you can do to prevent identity theft, and we will discuss these in detail throughout this book. There are, however, certain things that everyone should do right now that will significantly reduce the risk of identity theft. In researching this book, Ihave condensed these actions to a list of 10 essential steps.

1.

2.

3.

Never disclose your Social Security number unless specifically required to by law. Remember, the Social Security number has become a de facto national identity number. If an identity thief can gain access to your Social Security number, he has the key to your identity. Maintain only minimal information on your personal checks. You should only use personal checks to send money through the mail in order to pay established accounts. Never use personal checks to pay for a direct retail purchase. Receive mail only in a locked box. Send mail only by depositing it at the post office. Mail theft is directly

Minimizing Your Risk

associated with identity theft. Don’t allow a thief to steal your identity by stealing your mail. Don’t provide supplementary identification when making a purchase with a credit card. The major credit card companies prohibit merchants from requiring ID as a condition of using a properly signed credit card. Merchants who do so are putting you at risk. Properly sign your credit cards, and don’t show ID when using them. Never deal with telemarketers or respond to unsolicited commercial e-mail (spam). When you provide

10.

personal information to telemarketers, you have no real proof that they are who they claim to be, and if you respond to spam you will find that it is almost always a scam. Check your credit reports at least once per year. It is important to know what information is contained in your credit reports and to ensure that the information is accurate. Establish a password on each of your accounts. Arrange for this password to be required before any information is given out about that account. Opt out of all marketing and prescreening databases. Register with the Direct Marketing Association’s (DMA’s) Mail and Telephone Preference Services, and then opt out of the screening of your credit reports by calling 1-888-5-OPT-OUT. Use a cross-cut paper shredder to destroy sensitive personal information before discarding it. Don’t enable an identity thief to gather information about you by collecting your trash. Protect your personal communication with strong encryption. Don’t let your e-mail or online shopping become a source of information for an identity thief. Use encryption software such as Pretty Good Privacy

Save Your Identity

(PGP) to safeguard your e-mail, and shop online only on secure Web sites.

By following the above 10 steps, you will significantly reduce your vulnerability to identity theft. However, in order to safeguard yourself most effectively against identity theft and related crimes, it is necessary to examine the crime of identity theft and your vulnerabilities in greater detail.

Factors Contributing to Identity Theft

There are many factors that contribute to identity theft, and any combination of them can lead to your becoming a victim. However, broadly two leading causes

speaking, the are (1) failure safeguard their

of individuals to personal information from unnecessary disclosure

and (2) the col-

lection by businesses and organizations of personal information that is not directly and immediately required for their daily operations and places their customers at risk for identity theft should that information be compromised. Let’s take a look at some specific examples of such security breaches and how they enable someone to steal your identity.

Save Your Identity

MAIL THEFT “For the criminal, the mailbox is the gateway to financial fraud, and victims are left with emptied bank accounts and shattered credit ratings.” —King County, Washington, Prosecuting Attorney Norm Maleng

Although “high-tech” theft of personal information contained in supposedly secure databases tends to make the national news, it is important to understand that for the most part identity theft is a fairly “low-tech” affair. One common way for an identity thief to gather information about you (and thereafter use it against you) is to steal your mail. If you have your mail delivered to your home or leave it in an unlocked mailbox at your home to be picked up by your postal carrier, it is vulnerable to being stolen. Numerous agencies, organizations, and communities echo this warning. For example, the official Web site of the City of Lakewood, Colorado (www.lakewood.org), warns, “Identity theft occurs when a thief steals your

personal identifying information to take over your bank accounts or fraudulently apply for credit in your name.The most common

identifiers used are name, address, date of birth, Social

Security number and mother’s maiden name. The majority of identity theft schemes involve the US. Mail [emphasis added].” Your unsecured mail is a gold mine for an identity thief. He can steal your new or renewed credit cards. He can steal your latest order of checks. He can steal your bank statement or your bills to obtain information about you and your accounts. This is not a minor or limited threat; in fact, mail theft is on the rise as

indicated by regular news headlines:

“Identity Thefts on the Rise inArea, Postal Inspectors Say” —Dallas Morning News, June 2002

Factors Contributing to Identity Theft

“Two Charged with 445 Counts of Theft in Mailboxes Case” —Tampa

Tribune, 12 March 2002

“Women Charged with Stealing from Mailboxes across Gulf Coast” —The Tuscaloosa News, 18 May 2002 “Postal Inspector Urges Everyday Precautions against Identity Theft” —Lubbock Avalanche-Journal, 15 February 2002

Fay Faron, nationally

recognized

columnist, stated in her column

private

investigator

and

on 7 April 2002, “Mail is at its

most vulnerable when placed in a residential mailbox.To leave it there unattended and unlocked is to trust every stranger that passes by your home—NOT SMART” The U.S. Postal Inspection Service points out some basic facts about mail theft: °

°

°

Thieves often break into mailboxes at night and take

advantage of customers who don’t pick up their mail. Thieves know very well to look for mailboxes with the red flags up, and they'll quickly steal the mail. Mail thieves look for items found every day in the mail, such as bank statements

°

and credit card bills,

which they can use to create counterfeit checks or fake IDs. They also look for personal checks, such as utility bills or other payments, which they can “wash” clean of handwriting and fill in with new amounts— and make out to themselves. Check your financial statements regularly. We call them “dumpster divers”’—thieves who go through trash bins looking for mail and any other information they can use to access your financial accounts or sell to someone else who wants to access your accounts. Shred all of your personal information before throwing it away.

Save Your Identity The Postal Inspection Service (www.usps.gov/ postalinspectors/safemail.htm) then recommends lowing steps to protect your mail:

° ° : ° °

°

the

fol

Place mail for pick-up in a blue collection box or at your post office. Pick up your mail promptly after delivery. Don't leave it in your mailbox overnight. Don’t send cash in the mail. Ask your bank for“secure” checks that can’t be altered. Tell your post office when you'll be out of town so they can hold your mail until you return. Report all mail theft to a postal inspector.

Protecting the security of your mail is an essential step in protecting yourself from identity theft. As we have seen, mail theft is one of the many crimes an identity thief will commit in order to steal your identity, While First Class Mail is acceptable for most correspondence, you may want to consider more secure forms of mail for sensitive and important correspondence. Don’t forget about services such as Priority Mail with delivery confirmation, Certified Mail, and Registered Mail. Although these services Come at a premium price, they do provide additional security, confirmation, and tracking of your important and senSitive correspondence. Simply put, you need to safeguard your outgoing mail by depositing it at the post office or in an official USPS mailbox. Mail you receive should be delivered to a post office box. If you have mail delivered to your home, it must be delivered to a locking mailbox. To do otherwise simply gives an identity thief the chance to use your mail as a source of information to steal your identity.

Factors Contributing to Identity Theft

DUMPSTER DIVING “We call them ‘dumpster divers’—thieves who go through trash bins looking for mail and any other information they can use to access your financial accounts, or to sell to someone else who wants to access your accounts.” —U.S. Postal Inspection Service An identity thief can steal your mail without taking it from your mailbox. He can steal it from your trash bin! Unless you’re a celebrity, you probably haven’t thought much about anyone going through your trash, but your trash contains a treasure trove of information about you. Sooner or later the bank statements, credit card statements,

bills and invoices, preapproved offers ty much everything else you receive your trash. Additionally, your trash would not be available to an identity

for this and that, and pretin the mail will end up in contains information that thief who only stole your

mail. Remember, not every piece of important, personal, or private information comes through the mail. For example, your paycheck and its associated pay stub may be given to you directly by your employer every payday. An identity thief getting a copy of your carelessly discarded pay stub would obtain a good deal of personal information about you. Fortunately, preventing an identity thief from gaining any useful information from your trash is fairly easy to accomplish. It is simply a matter of ensuring that anything containing printed information is rendered into an unreadable format before you throw it away. Generally this means buying a paper shredder and using it to shred any documents, letters, bills, invoices, mailing labels, notes, and so on before throwing them into the trash.

Most office supply stores and many general department stores sell paper shredders.They come in two basic types: strip shredders

Save Your Identity

and cross-cut shredders. Strip shredders cut the paper being shredded into continuous strips about a quarter-inch wide for the entire length of the paper. Cross-cut shredders cut the paper being shredded into strips and then cut each of these strips at a different angle to the original cut, resulting in small flakes of paper. Although either type will probably be sufficient to convince an identity thief to focus

his efforts

elsewhere,

the cross-cut

shredder

is more

secure (it provides more complete destruction of the shredded document) and should be used whenever possible. Of course, one

of the best ways to avoid having to shred

large amounts of paper containing personal information is not to receive it in the first place. As we have already discussed, you can opt out of the screening of your credit report for “preapproved credit offers” by calling 1-888-5-OPT-OUT. Another way to limit the amount of junk mail you receive and the number of mass-marketing databases in which your personal information is contained is to register with the DMA’s Mail Preference Service. Simply send a written request to the following address:

Direct Marketing Association Attn: Mail Preference Service P.O. Box 282 Carmel, NY 10512

Most reputable direct mail marketing services screen their mailing lists against the DMA’s Mail Preference Service List. It costs direct mail marketers money to send an advertisement by mail, and thus it is beneficial to these marketers to remove from their mailing lists those persons who have expressed a clear desire not to receive such mailings. It makes no sense for a direct mail marketer to waste money sending advertising to someone who is simply going to throw it away without reading it. Most businesses update their direct mail marketing lists quarterly, so you should begin to see a noticeable decrease in junk mail reaching your mailbox within three months of sending your request.

Factors Contributing to Identity Theft

TELEMARKETING You're just sitting down to dinner, or perhaps enjoying a quiet afternoon at home, and the telephone rings. “Hello Mrs. Jones ...I am calling on behalf of the Fly-By-Night Company with a special offer; available today only... especially designed just for you ... blah, blah, blah.” Your peaceful afternoon or the enjoyment of your meal has just been interrupted by a telemarketer. Or has it? Although many people will tell any telemarketer calling their home to “take a hike” or to go somewhere else that’s a bit hotter, there are still a significant number of people who will listen to a telemarketer’s sales pitch and purchase whatever he is selling. From a personal privacy point of view you should never conduct any type of business with a telemarketer. Furthermore, when considering the threat of identity theft, telemarketing calls become a specific threat. The problem we face from an identity theft point of view is that we really don’t know who is on the other end of the telephone call. It could be a legitimate and reputable business marketing products over the telephone, or it could just as easily be a criminal trying to gain personal information about you for the purpose of identity theft. If you respond to a telemarketer’s offer and decide to purchase whatever he is selling, you will be asked to provide a means of payment. You will normally provide a credit card number along with associated billing and identity information. If you have provided this information to a legitimate business, you will soon receive whatever it is you just ordered from the telemarketer. However, if you have just provided your personal identifying information, along with your credit card information, to an identity thief, you now have a very serious problem.

DIMA’s Telephone Preference Service As a first step toward protecting yourself from telemarketers, I recommend that you register with the DMA’s Telephone

Save Your Identity

Preference Service. The DMA maintains a list of home telephone numbers of households that do not want to receive calls from telemarketers. All reputable national-level telemarketing companies screen their call lists against the DMA’s Telephone Preference (Do Not Call) List to ensure that they are not placing calls to persons who object to telemarketing calls. Local businesses (e.g., your hometown newspaper), however, may not screen their call lists with the DMA

when

making calls in their area. To register with the DMA Telephone Preference Service, send a written request to be added to the Do Not Call List to

Direct Marketing Association Attn: Telephone Preference Service PO. Box 282 Carmel, NY 10512 This is a free service, and you will notice a marked reduction in

telemarketing calls within a few months. You may also register with the Telephone Preference Service online at www.the-dma.org, but

there is a $5 online service fee. Once you've registered with the DMA Telephone Preference Service and given businesses time to update their Do Not Call Lists (usually about three months), you should no longer receive telemarketing calls. Should you receive a telemarketing call after registering, you can assume that the business placing the call is disreputable, irresponsible, some kind of scam, or the lead-in to

identity theft. When you register with the DMA Telephone Preference Service, you will remain on the Do Not Call List for five years.

National Do Not Call Registry The threat to personal privacy, the likelihood of telemarketing calls being high-pressure sales tactics or outright scams, and numerous consumer complaints about telemarketers final-

Factors Contributing to Identity Theft

ly led the federal government to create the National Do Not Call Registry. The National Do Not Call Registry is a list of telephone numbers maintained in an FTC database of individuals/households that do not want to receive calls from telemarketers. Registration began in July 2003, and FTC enforcement of the Do Not Call Registry began that October. It works like this: Call the toll-free

telephone number (1-888-382-1222) and follow the prompts. You will be asked to ensure that you are calling from the telephone number you wish to add to the Do Not Call Registry and to enter your telephone number on your telephone’s Touch-Tone keypad. You may also register online on the Do Not Call Web site (www.donotcall.gov), where you can enter up to three telephone

numbers at a time (perhaps you have two lines in your home and a cellular telephone). If you register online, you are also required to provide a valid e-mail address where a confirmation e-mail can be sent. When you receive the confirmation e-mail, just click on the included link and your telephone number(s) is added to the

Do Not Call Registry. That’s it. Once you have done this, telemarketers are prohibited from calling you with offers for their products or services. Your telephone number will remain in the National Do Not Call Registry for five years. So will this stop 100 percent of telemarketing calls? Unfortunately, no. Businesses with which you have an established relationship G.e., from which you have purchased a product or service in the past 18 months) or to which you have made an inquiry within the past three months may still contact you. Additionally, some businesses are exempt from the National Do Not Call Registry, including ° °

long-distance phone companies airlines

¢

banks and credit unions

°

insurance businesses, to the extent that they are regulated by state law

Save Your Identity

However, while these specific businesses themselves may be exempt from the provisions of the National Do Not Call Registry, any telemarketing companies they hire to conduct marketing on their behalf must screen their calls against the registry and are prohibited from calling any number contained therein. Telemarketers are required to update their Do Not Call Lists from the registry at least every three months. So from the time you register your telephone number with the National Do Not Call Registry, telemarketers have up to the full three months to add your telephone number to their Do Not Call Lists. Three months after you add your telephone number to the National Do Not Call Registry, it becomes unlawful for a telemarketer to call

you, and said telemarketer may face a fine of up to $11,000 for doing so. If you receive a telemarketing call thereafter, you can file a complaint by accessing the Do Not Call Web site. In October 2003 when the Do Not Call List became enforceable, there were more than 53 million households that had signed up with the National Do Not Call Registry expressing their desire to be left alone by telemarketers. The telemarketing industry immediately went to court and won injunctions to stop enforcement of the National Do Not Call Registry. With amazing speed, Congress proposed and passed bills within just a couple days giving the FTC authority to enforce the National Do Not Call Registry. The House voted 412-8 and the Senate 95-0 in favor of the bill permitting enforcement of the registry. (Congress recognized the threat from telemarketers, and of course, 53 million potential voters got Congress to pay attention and act with some degree of speed.) Finally, the 10th U.S. Circuit Court of Appeals blocked a lower court order barring the FTC from enforcing the registry of more than 53 million numbers.“The Supreme Court has held that there is undoubtedly a substantial governmental interest in the prevention of abusive and coercive sales practices, the ruling said. If you have not already done so, add your telephone number to the National Do Not Call Registry.

Factors Contributing to Identity Theft

THE INTERNET Does the use of the Internet increase the likelihood that you will become a victim of identity theft? If you shop online today, will you find numerous fraudulent charges on your credit card tomorrow? The short answer is no.The majority of identity theft occurs Offline. Using the Internet and shopping online do not significantly increase the likelihood of your becoming a victim of identity theft. It is important, however, to understand the risks associated

with the Internet and how those risks relate to identity theft. Many online shoppers are concerned that in sending their personal information and credit card number over the Internet they are broadcasting this information to the world. Now, if you place this information in an e-mail and send it off to a company to make a purchase, you may in fact be broadcasting it. However, most companies that have a Web site and allow for online orders have set up a secure order system using Secure Socket Layer (SSL). SSL encrypts the information that travels across the

Internet from your computer to that of the business with which you are doing your online shopping. Your Web browser will likely alert you when you access and leave a secure Web page. This is often indicated by the presence of a padlock on the task bar of your computer screen. Although SSL secures your information in transit, it does not ensure that it is securely stored once it is received by the business receiving your order. Likewise, there is nothing to ensure that a business securely stores your order information if you provide it over the telephone or write it down and send it through the mail. In general, shopping online with an established and reputable company using a Web site with SSL to transmit your orders is just as safe (if not more so) as placing an order over the telephone. Unfortunately, it can be difficult to tell if the Web site you are visiting and to which you are providing your personal

Save Your Identity

and billing information is that of a legitimate business or that of an identity thief.

Of course, once you have identified the Web site of a reputable business from a trusted source, you should feel confident in using the online services provided by that business. However, as with cons and scams that occur in the physical world, you should be aware of those that occur online. It is important to recognize that when you are approached by a stranger offering you a “great deal” online, it may well be one of the many criminals who make their offers through unsolicited commercial e-mail, or spam.

The first and greatest threat on the Internet is spam. If you have an e-mail account, sooner or later you will begin to receive spam. Spam markets everything from drugs to child pornography to get-rich-quick schemes to home mortgages to fad diets and just about anything else you can think of. The one common thread running through these unsolicited commercial e-mail offers is that they are usually illegitimate. Spam is a scam! Unfortunately, enough people fall for these scams and send off enough of their hard-earned money (for products and services they may never receive) to keep spammers in business. According to Brightmail, a San Francisco-based company specializing in the filtering and analysis of e-mail (as reported in the Washington Times on 1 August 2002), there were more than 4.8 million spam attacks in June 2002, up from 880,000 a year earli-

er. Mind you, the June 2002 figure does not represent 4.8 million pieces

of unsolicited

e-mail, but 4.8 million

different

attacks,

each consisting of thousands of pieces of unsolicited e-mail! According to Bryson Gordon, a product-line manager with the computer security company McAfee.Com,“Spam is transitioning from being a mere annoyance to a security threat.” Gordon explains that spam poses a serious threat by capturing personal and private information through the use of false claims and misleading links. Spammers will establish a Web page and send out spam that mimics the advertising of a respected retail store, offering low sale prices on a number of different items to

©

Factors Contributing to Identity Theft

hundreds of thousands or millions of potential victims. Those who take the bait will follow links contained in the spam to a Web site that appears to be that of a respected store or business. Unfortunately for the victims of these scams, the Web pages are fakes and, according to Mr. Gordon, exist simply to capture people’s credit card information. To protect yourself from identity theft, it is very important that you never respond to spam. Even an e-mail that appears to be from a business you trust and have had good dealings with in the past may be a fake. Now, this does not mean that you can’t or shouldn’t shop online. Online shopping allows you to compare products and prices from a wide variety of companies and choose the deal that best meets your needs and desires.As long as you are locating the companies with which you do business directly (for example, by using a search engine to search out the product you wish to buy), online shopping is perfectly OK. On the other hand, if you discovered the company in question through spam, beware. Spam is a scam, and this may very well be a criminal’s attempt to gather as many credit card numbers and as much associated billing information as possible. As in the physical world, we need to remain cautious and aware of potential threats in cyberspace.

COMPUTERS Computers enable us to store and process massive amounts of information. The contents of a small library can be carried on a laptop computer. More importantly for those of us who use computers in our personal lives, they may contain all of our personal and financial information in one location—on the computer’s hard drive. We have already seen how information contained on computers can be lost or stolen. According to the Washington, DC, Metropolitan Police Department (http://mpdc.dc.gov/), “It is

Save Your Identity

estimated that over 300,000 laptop computers were stolen in the U.S. in 1999 alone.” Certainly, many of these were stolen sim-

ply for the value of the computers alone; a laptop is small, portable, and may cost as much as $5,000. However, it’s safe to assume that much of the information contained on these stolen computers was used in the furtherance of other crimes. If you keep personal information on your computer (€.g., budgets, account information, health/medical information, personal correspondence, and so on), you should store that infor-

mation in a format that cannot be used by a thief should your computer be stolen. Simply put, this means storing your information in encrypted files. There are several top-quality encryption and security programs available to protect your computer files. I discuss a number of these that you can get for free in my book Freeware Encryption and Security Programs: Protecting Your Computer and Your Privacy (Paladin Press, 2001).

No matter what other type of computer security programs you choose to use to protect your personal information, I strongly encourage you to obtain a copy of PGP and incorporate it into your computer security planning. PGP is available free of charge for personal use and may be downloaded from various sources on the Internet. The best places to obtain the latest copy of PGP are from the Massachusetts Institute of Technology’s PGP Distribution Site at http://web.mit.edu/network/pgp.html, the PGP International Site at www.pgpi.org, or from the PGP Corporation at www.pgp.com. When encrypted using PGP, the previous sentence becomes totally unintelligible, as you can see in the following example: ——-BEGIN

PGP MESSAGE— —-

Version: PGP 8.0

GANQRIDDDQQJAwLq7R6f}flwA2DJwA9o hnASwGKGqn6n7W8I9krNpQSQ9cCcL8e1

cC2u8QIYBk8Fa+PNO4W+W37npbXiMQo

Factors Contributing to Identity Theft

NnaJ9wBbhEdJjyaqbb2eaiW 03Bi6aJ2e78SH /PEmrx5auXbRPUS5RCSeXjH2CYmvolw3/B i0++RLRzk0d7eJKhUUPvOrfd2DTutKGx01

EltAGPtlQ4mAU 1LrQuUGKxI2ihl0p4UnKyy

BV12gBZXuZElKnuzqN7UEh5/UJZs6UJjBfj

RtcT7pGAm3FYtK4z1WdCxVwSPXDTcSAt S5PVBR4s= =hYPd

——-END PGP MESSAGE——By protecting the personal and private information stored on your computer, you can prevent the theft of your computer from turning into identity theft.

YOUR SOCIAL SECURITY NUMBERTHE REY TO IDENTITY THEFT In order to steal your identity, a criminal needs to gather personal identifying information about you. While an identity thief will try to gather as much as possible, the one key piece of information he needs to make his crime successful is your Social Security number. When Social Security numbers were introduced as part of the Social Security Act of 1935 there was a great deal of concern among the American people that such a numbering system could become a national ID number, thereby posing a significant threat to our rights and freedoms. It took little imagination on the part

of our parents or grandparents in 1935 to envision the kind of harm that could be done by adopting a national identification number. National ID numbers were something those Nazis gaining power in Germany might do but never something that would be tolerated by free people in a constitutional republic. In 1935 the American government agreed that a national ID number was certainly not something to be imposed on a free

Save Your Identity

people and assured the nation that these new Social Security numbers would only be used to administer the Social Security program. Social Security cards were even printed with the annotation “NOT FOR IDENTIFICATION.” In 1943 President Franklin D. Roosevelt signed Executive Order 9397 that required federal agencies to use the Social Security number when creating new records and systems of records. In the early 1960s the Internal Revenue Service (IRS) began using the Social Security number as a “taxpayer identification number, completely disregarding the government’s original promises that the Social Security number would not be used for identification purposes. On

1 October 2000, the government

enacted a federal law,

42 U.S.C. Section 666(a)(13), under the pretext of enforcing child support laws.This law requires you to disclose your Social Security number in order to receive any type of government license, benefit, or recreational permit. Simply put, in order to obtain a driver’s license, fishing license, marriage license, and so

on, you must disclose your Social Security number, which is entered into the database of the issuing agency. The federal government made the availability of welfare funds contingent upon states collecting Social Security numbers as part of its plan to enforce child support laws. Simply put, if a state or the people in general objected to disclosing their Social Security numbers, the federal government would cut off federal welfare funds used by the states to support the poor and the homeless. To comply with the federal law, each state has passed laws requiring the collection of Social Security numbers on applications for professional and occupational licenses, commercial driver’s licenses, recreational licenses, and marriage licenses.Additionally, in

the Federal Balanced Budget Act of 1997 (taking effect 1 October 2000), the word “commercial” was deleted from the final version of the act, thereby requiring that Social Security numbers be collected for all driver’s licenses, not just commercial licenses. Strongly opposed by the states, this massive and unwarranted

Factors Contributing to Identity Theft

expansion of the Social Security number from a single-use account number into a national identification number served only to put us at risk of having our liberty, privacy, property, and lives violated by identity thieves and other criminals. In passing applicable state laws to comply with the federal mandate, many states complained that the federal government was using coercion to force the states to comply with this ill-conceived and dangerous requirement. Consider, for example, the comments record-

ed in Washington state law regarding the federally mandated use of Social Security numbers as a national identification number: The legislature declares that enhancing the effectiveness of child support enforcement is an essential public policy goal, but that the use of social security numbers on licenses is an inappropriate, intrusive, and offensive method of improving enforceability. The legislature also finds that, in 1997, the federal government

threatened sanction by withholding of funds for programs for poor families if states did not comply with a federal requirement to use social security numbers on licenses, thus causing the legislature to enact such provisions under protest. (Revised Code of Washington RCW 26.23.150)

Despite this and similar protests by the states and their citizens, the federal mandate stood. Simply put, this means that unless you disclose your Social Security number to be entered into the databases of various state agencies, you will be denied your rightful liberties to travel the public highways (no driver’s license), enjoy the natural resources and outdoors (no fishing license), even fall in love and get married (no marriage license).

It has effectively become a national identification number. Some may argue that while our Social Security numbers are certainly used far more than originally intended and promised by the government, they aren’t national identification numbers.

Save Your Identity After all, this isn’t Communist China, nor is our government run

like old Nazi Germany, requiring enumeration of all its citizens. The United States of America is a constitutional republic, a free nation of free people ... we simply don’t have national identification numbers. Yet, as abhorrent as national identification num-

bers should be to a free people, even the Social Security Administration admits that this is exactly what Social Security numbers are. The testimony of James G. Huse Jr., inspector general of the Social Security Administration, regarding the Social Security Administration’s response to the terrorist attack on 11 September 2001 stated,

While never intended to be such, the SSN is used as our national identifier. ... By acknowledging that the SSN

is our virtual national

identifier, we

accept

the

responsibility to protect its integrity—not only to prevent the financial crimes that have historically defined SSN misuse, but to ensure that it is not used for other

criminal purposes as well.A purloined SSN is as useful a tool for terrorists as it is for identity thieves.We must now address that reality as we continue our efforts to deal with these problems. With the government using the Social Security number as a national identification number, the private sector quickly followed suit, requiring individuals to disclose their Social Security numbers as part of private transactions. Although purely private sector organizations have no legal authority to require you to disclose your Social Security number, the practice began with businesses that have government reporting requirements or are overseen by government regulators—such as banks and credit unions. With the various financial institutions now demanding that we disclose our Social Security numbers as a condition of doing business with them, related industries (e.g., insurance and medical)

Factors Contributing to Identity Theft

began demanding that we disclose our Social Security numbers. The major credit reporting agencies (the credit bureaus) use your Social Security number as a key to your credit reports, so now any business that may want to conduct a credit check on you demands your Social Security number. We have become so accustomed to disclosing our Social Security numbers that we even find them being demanded by businesses that have no legitimate use for them whatsoever (such as video rental stores).

Government and private industry are not blind to the significant threat we face as a result of having our Social Security numbers (and other personal identifying data) stored in every database from the federal government to the local video rental store. In fact, many of these agencies and businesses warn about the dangers of disclosing our Social Security numbers: °

Protect your Social Security number (SSN). Don’t print it on your checks. Don’t give it out unless it is required (on tax forms or employment records, for example). Be sure your driver’s license uses an “assigned” number and not your SSN. SSNs are the key piece of information con artists most often use to commit “identity theft”—using your information to open accounts in your name and run up expenses. —Iowa Attorney General

°

Be very careful about to whom you give out personal identification information such as your mother’s maiden name and your Social Security number. Ask if it can be kept confidential. Inquire into how it will be used and with whom it will be shared. Social Security number: Give it out only when necessary. Ask to use other types of identifiers when possible. DO NOT store your Social Security card in your wallet. —New York Attorney General

Save Your Identity

Don’t pre-print your driver’s license, telephone or Social Security numbers on your checks. Identity theft and account fraud happen when someone steals personal information such as your bank account number or Social Security number and then poses as you, either withdrawing money from your account or running up debt in your name, or both. The threat is real, and the government estimates 400,000 people are victimized by these crimes each year. —Chase Financial

Be especially careful with sensitive personal information. Your Social Security number should not be requested except by an employer, government agency, lender, or credit bureau. If that information

falls into the wrong hands, it can be used by someone to impersonate you in order to steal from your accounts or to steal from others in your name. Many states no longer use Social Security numbers on driver’s licenses. Some states offer random numbers as alternatives and bar merchants from asking consumers to put their Social Security numbers on checks or credit card slips. —U.S. General Services Administration Identity theft occurs when someone

gains access to

another person’s personal information, such as the DL number, Social Security number, bank or credit card account numbers, and uses them to commit fraud or

theft.An impostor can use your identity to open fraudulent credit accounts, secure loans for cars and hous-

ing, or steal money from your bank accounts. Protect your Social Security number by not releasing it to anyone unless required by law. —California Department of Motor Vehicles

©

Factors Contributing to Identity Theft

Your Social Security number is the most valuable piece of your personal financial information because it is your main identifying number for employment, tax reporting, and credit history tracking purposes. If your Social Security number falls in the hands of a thief, you could face serious problems as a result.A thief could use your Social Security number to obtain employment, open credit card accounts, or obtain loans under

your name.The best way to protect yourself is to guard your Social Security number and provide it to others only when absolutely necessary. —New York Better Business Bureau By revealing our SSNs to so many entities—governmental and private organizations alike—we’'re sacrificing our right to privacy and anonymity. And in an information society, these are increasingly rare commodities. But because the SSN is so commonly used as an individual account number, this nine-digit code ends up being a virtual pass key to a vast amount of private, and often sensitive, information about you— your address, medical history, shopping preferences, household income, and use of prescription drugs, to name just a few. Use caution when giving out your SSN to a government agency. They are required by the Privacy Act of 1974 to tell you why your SSN is necessary, whether giving your SSN is mandatory or voluntary, and how your SSN will be used. And stop giving your SSN to private organizations. Suggest they use an alternative identifying number. If they refuse, think about taking your business elsewhere.

They'll get the hint. —American

Civil Liberties Union (ACLU)

ID theft puts an ugly face on your good name.A con

©

Save Your Identity artist who knows your Social Security number, bank

account information, or other personal details can temporarily become you in order to commit fraud. Fixing the damage could take years. Social Security numbers (SSNs) are especially hot items for identity thieves because they often are the key to getting new credit cards, applying for federal benefit payments, or opening other doors to money. The Social Security Administration says that consumer complaints about the alleged misuse of SSNs are rising dramatically, from about 8,000 in 1997 to more than

30,000 in 1999. “Giving your number

is voluntary,

even when you are asked for the number

directly,”

says the Social Security Administration. “If requested, you should ask why your number is needed, how your number will be used, what law requires you to give your number, and what the consequences are if you refuse.” —Federal Deposit Insurance Corporation (FDIC)

Don’t carry your Social Security number; leave it in a secure place. Give your SSN only when absolutely necessary. Ask to use other types of identifiers when possible. Before revealing any personal information, find out how it will be used and whether it will be shared with others. —U.S. Postal Service CUSPS)

Social Security numbers

are the key to much of the

financial, medical, and other personal information that

most people would like to keep confidential. Yet the numbers are so widely used, by business and government, that they have acquired a special status as a security risk. —California Office of Privacy Protection

©

Factors Contributing to Identity Theft

Don’t include information such as your driver’s license or Social Security numbers on your pre-printed checks. — Washington Mutual Bank

Do

not write your personal

identification

number

(PIN), Social Security number, or credit card account

number on checks or on your ATM or debit card. Provide your Social Security number only when necessary. —State Farm Insurance Corporation

Protect your Social Security number. Limit its use as identification; and never preprint your driver’s license or Social Security number on your checks. —First Charter Financial Services of North Carolina

Today the Social Security number has become the key to detailed government portraiture of our private lives. Even the Secretary of Health and Human Services

(HHS)

Security numbers Kristin

now

describes

American

Social

as a “de facto personal identifier.”

Davis, senior

associate

editor for Kiplinger's

Personal Finance Magazine, recently described the growing use of social security numbers as an all-purpose ID as the “single biggest threat to protecting our financial identities.” —Charlotte Twight, Ph.D., J.D. (professor and privacy expert, Boise State University, before a hearing of the Subcommittee on Government

Management, Information, and Technology, 18 May 2000)

U.S. PIRG believes that the widespread availability of the Social Security number contributes to identity

Save Your Identity

theft, which is well documented as one of the nation’s

fastest growing white-collar crimes. —U.S. Public Interest Research Group (before the Subcommittee on Social Security House Ways and Means Committee Hearing on Misuse of Social Security Numbers, 22 May 2001)

Beware of anyone asking for your Social Security number. If they refuse to complete a transaction without it, consider taking your business elsewhere. —Nolo Law For All (dentity Theft FAQ)

The crime of identity theft is increasing at epidemic proportions. With the Social Security number accessible to so many people, it is relatively easy for someone to fraudulently use your SSN to assume your identity and gain access to your bank account, credit accounts, utilities records, and other sources

of per-

sonal information. ...Adopt an active policy of not giving out your SSN unless you are convinced

it is

required or is to your benefit. Make people show you why it is needed. —Privacy Rights Clearinghouse, Fact Sheet # 10

The Social Security Number in Canada Is a SIN The threat from the issuance and misuse of a national iden-

tification number is not unique to the United States. In Canada the Social Security number is known as the Social Insurance number, or SIN. Our Canadian neighbors are suffering from the same misuse of their SIN that we in the United States are from that of our SSN. In 1998 the office of the auditor general of Canada conducted a review of the management of the Canadian Social Insurance

Factors Contributing to Identity Theft

number and found many problems, just a few of which are highlighted here: °

°

°

° °

The role of the Social Insurance number has expanded gradually. The SIN has become a de facto national identifier for income-related transactions, contrary to the government’s intent. There is a significant gap between number of living SIN holders and size of the Canadian population. Valid SINs are held by thousands of individuals with no legal status in Canada. Minimal effort is dedicated to SIN investigations. Unregulated use of SIN in the private sector is a key vulnerability. Four years later the office of the auditor general of Canada

reviewed its findings and stated,“In 2002 we returned, expecting

to find that the problems reported in 1998 would have been largely resolved. Instead, we found that progress on some key issues has been limited. The continuing weakness in the issuing of SINs leads us to conclude that HRDC has not done enough to safeguard and strengthen the integrity of the SIN.” CHRDC is Human Resources Development Canada, the Canadian government agency responsible for the SIN.)

Your Last Four A very common practice regarding requests for Social Security number information is to ask that you disclose the last four digits only.The rationale is that this partial disclosure somehow safeguards you from possible compromise of your Social Security number. Unfortunately, disclosing “your last four” does nothing to protect you, and it may be the exact information an identity thief is looking for. Many businesses are taking steps to limit disclosure of indi-

Save Your Identity

viduals’ Social Security numbers contained in their databases by masking portions of the number. In reviewing credit report header information, Isaw that Social Security numbers were masked Yes, they masked the last four in this manner: SSN: 123-45-XXXX.

digits of the Social Security number. Now, credit report header information (as opposed to the complete credit report) is generally available to anyone who wishes to obtain it. So an identity thief obtaining a copy of your credit report header information has all but the last four digits of your Social Security number. But credit header information isn’t the only place one’s Social Security number can be found. I contacted an online database

called Alumni

Finder (www.alumnifinder.com)

after

learning that they would disclose personal information containing Social Security numbers to their subscribers. What I discovered is that Alumni Finder is part of Market Models, Inc., of Wickford, Rhode Island. Market Models is a mass-marketing

company using data specialists to provide potential customer lists with “several layers of key marketing data,” including such information

as

names,

mailing

information,

fax

numbers,

domain names, and phone numbers. In obtaining my own personal information from Alumni Finder/Market Models, Inc., I found that its database also apparently includes Social Security numbers, although they took steps to protect the disclosure of my Social Security number by masking the last four digits, listing it in the format 123-45-XXXX. To be fair, these marketing companies and other related businesses are at least making some effort to shield disclosure of

Social Security numbers contained in their databases. They recognize the extensive harm that can be done should an identity thief gain access to someone’s Social Security number and associated information in their databases. The problem, however, is

that there is no consistency in the way the Social Security numbers are protected from one company to the next. Some mask the last four numbers, others disclose only the last four numbers,

and others disclose the last five numbers. Because of this, you

Factors Contributing to Identity Theft

should never feel safe disclosing any portion of your Social Security number whatsoever. By disclosing the last four digits of your Social Security number, you may be giving an identity thief the last bit of information he needs to steal your identity. It is important to understand that every time you disclose your Social Security number, in whole or in part, you are putting yourself at risk.The next time someone asks for the last four digits of your Social Security number, just say NO! The numerous warnings above (and many more like them found in the privacy and security policies of various corporations and government agencies) should make it obvious that disclosure of your Social Security number is a very bad idea, always putting you at risk of becoming a victim of identity theft or other crimes. Along this same line, any business that continues to use your Social Security number as a key to your identity or as an account number or password is operating with gross negligence, showing a complete disregard for your safety, and acting with total irresponsibility with regard to the security of the records it maintains about you. If any business requests your Social Security number, ask that business to cite the specific law that requires you to provide it and ask specifically why it’s needed. If there is no law that requires a business to collect your SSN and that business still asks for it, take your business elsewhere and make public the irresponsible conduct of the business involved. They'll get the message.

Identity Theft Prevention Act of 2003 The only way spread misuse of restricts their use the establishment

to truly fix the problem caused by the wideSocial Security numbers is to pass a law that to Social Security purposes only and prohibits of a similar national identification number in

the future. A bill currently before Congress that would accomplish this is the Identity Theft Prevention Act of 2003, introduced by Congressman Ron Paul (R-Texas). If we hope to stop the ever-

Save Your Identity

growing crime of identity theft and threats to our personal privacy, it will be necessary to pass this or a very similar bill into law very soon.The Identity Theft Prevention Act of 2003 is short and to the point and is provided here for your reference: 108th CONGRESS 1st Session

H. R. 220

To amend title II of the Social Security Act and the Internal Revenue Code of 1986 to protect the integrity and confidentiality of Social Security account numbers issued under such title,

to prohibit the establishment in the Federal Government of any uniform national identifying number, and to prohibit Federal agencies from imposing standards for identification of individuals on other agencies or persons. IN THE HOUSE OF REPRESENTATIVES January 7, 2003 Mr. PAUL (for himself, Mr. BARTLETT of Maryland, and Mr. HINCHEY) introduced the following bill; which was referred to

the Committee on Ways and Means, and in addition to the Committee on Government Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the

committee concerned

Sx A BILL To amend title II of the Social Security Act and the Internal Revenue Code of 1986 to protect the integrity and confidentiality of Social Security account numbers issued under such title, to prohibit the establishment in the Federal Government of any uniform national identifying number, and to prohibit Federal agencies from imposing standards for identification of individu-

als on other agencies or persons.

Factors Contributing to Identity Theft

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the ‘Identity Theft Prevention Act of 2003SEC. 2. RESTRICTIONS ON THE USE OF THE SOCIAL SECURITY ACCOUNT NUMBER.

(a) REPEAL OF PROVISIONS AUTHORIZING CERTAIN USAGES OF THE SOCIAL SECURITY ACCOUNT NUMBERSection 205(c)(2) of the Social Security Act (42 U.S.C. 405(c)(2)) is amended— (1) in subparagraph (C), by striking ‘(C)(i) It is the policy’ and all that follows through clause (vi); (2) by striking subparagraphs (C)(@x), (E), and (H); and

Q) by redesignating subparagraphs (F) and (G) as subparagraphs (E) and (#), respectively.

(b) NEW RULES APPLICABLE TO SOCIAL SECURITY ACCOUNT

NUMBERS-

Section 205(c)(2) of such Act is

amended further— (1) by inserting after subparagraph (B) the following: ‘(C)G) All social security account numbers issued under

this subsection shall be randomly generated. ‘Gi) Except as otherwise provided in this paragraph‘) the socal security account number issued under this subsection to any individual shall be the exclusive property of such individual, and ‘dD the Social Security Administration shall not

divulge the social security account number issued to any individual under this subsection to any agency or instrumentality of the Federal Government, to any

Save Your Identity

State, political subdivision of a State, or agency or instrumentality of a State or political subdivision thereof, or to any other individual. ‘Gii) Clause (ii) shall not apply with respect to the use of the social security account number as an identifying number to the extent provided in section 6109(d) of the Internal Revenue Code of 1986 (relating to use of the social security account number for social security and related purposes).; and

(2) by redesignating clauses (vii) and (viii) of subparagraph (C) as clauses (iv) and (v), respectively. (c) USE OF SOCIAL SECURITY ACCOUNT NUMBERS UNDER INTERNAL REVENUE CODE- Subsection (d) of section 6109 of the Internal Revenue Code of 1986 is amended— (1) in the heading, by inserting ‘FOR SOCIAL

SECURITY AND RELATED PURPOSES’ after ‘NUMBER’; and

(2) by striking ‘this title’ and inserting ‘section 86, chapter 2, and subtitle C of this title’ (d) EFFECTIVE DATES AND RELATED RULES(1) EFFECTIVE DATES- Not later than 60 days after the date of the enactment of this Act, the

Commissioner of Social Security shall publish in the Federal Register the date determined by the Commissioner, in consultation with the Secretary of the Treasury, to be the earliest date thereafter by

which implementation of the amendments made by this section is practicable.The amendments made by subsection (a) shall take effect on the earlier of such

date or the date which occurs 5 years after the date of the enactment of this Act. The amendments made by subsection (b) shall apply with respect to social security account numbers issued on or after such earlier date. The amendments made by subsection (c)

©

Factors Contributing to Identity Theft

shall apply with respect to calendar quarters and taxable years beginning on or after such earlier date. (2) REISSUANCE OF NUMBERS— The Commissioner of Social Security shall ensure that, not later than 5

years after the date of the enactment of this Act, all individuals who have been issued social security account numbers under section 205(c) of the Social

Security Act as of the date prior to the earlier date specified in paragraph (1) are issued new social security account numbers in accordance with such section as amended by this section. Upon issuance of such new social security account numbers, any social

security account numbers issued to such individuals prior to such earlier date specified in paragraph (1) shall be null and void and subject to the requirements of section 205(c)(2)(C)GDdD of such

Act, as amended by this section. Nothing in this section or the amendments made thereby shall be construed to preclude the Social Security Administration and the Secretary of the Treasury from cross-referencing such social security account numbers newly issued to individuals pursuant to this paragraph to the former social security account numbers of such individuals for purposes of administering title II or title XVI of such Act or administering the Internal Revenue Code of 1986 in connection with section 86, chapter 2, and subtitle C thereof. SEC. 3. CONFORMING AMENDMENTS TO THE PRIVACY ACT OF 1974. (a) IN GENERAL- Section 7 of the Privacy Act of 1974 (5 U.S.C. 552a note, 88 Stat. 1909) is amended(1) in subsection (a), by striking paragraph (2) and

inserting the following: ‘(2) The provisions of paragraph (1) of this subsection

oO

Save Your Identity

shall not apply with respect to any disclosure which is required under regulations of the commissioner of social security pursuant to section 205(c)(2) of the social

security act or under regulations of the secretary of the treasury pursuant to section 6109(d) of the internal revenue code of 1986.; and (2) by striking subsection (b) and inserting

the following: ‘(b) Except with respect to disclosures described in subsection (a)(2), no agency or instrumentality of the Federal Government, a State, a political subdivision of a

State, or any combination of the foregoing may request an individual to disclose his social security account number, on either a mandatory or voluntary basis.’

(b) EFFECTIVE DATE- The amendments made by this section shall take effect on the earlier date specified in section 2(d)(1).

SEC. 4. PROHIBITION OF GOVERNMENT-WIDE UNIFORM IDENTIFYING NUMBERS. (a) IN GENERAL- Except as authorized under section 205(c)(2) of the Social Security Act, any two agencies or

instrumentalities of the Federal Government may not implement the same identifying number with respect to any individual. (b) IDENTIFYING NUMBERS- For purposes of this section— (1) the term ‘identifying number’ with respect to an individual means any combination of alpha-numeric symbols which serves to identify such individual, and

(2) any identifying number and any one or more derivatives of such number shall be treated as the same identifying number. (c) EFFECTIVE DATE- The provisions of this section shall

take effect January 1, 2005.

©

Factors Contributing to Identity Theft

SEC. 5. PROHIBITION OF GOVERNMENT-ESTABLISHED

IDENTIFIERS.

(a) IN GENERAL- Subject to subsection (b), a Federal

agency may not— (1) establish or mandate a uniform standard for

identification of an individual that is required to be used by any other Federal agency, a State agency, or a private person for any purpose other than the purpose of conducting the authorized activities of the Federal agency establishing or mandating the standard; or (2) condition receipt of any Federal grant or contract or other Federal funding on the adoption, by a State, a State agency, or a political subdivision of a State, of a uniform standard for identification of an individual.

(b) TRANSACTIONS BETWEEN PRIVATE PERSONSNotwithstanding subsection (a), a Federal agency may not

establish or mandate a uniform standard for identification of an individual that is required to be used within the agency, or by any other Federal agency, a State agency, or a private person, for the purpose of— (1) investigating, monitoring, overseeing, or

otherwise regulating a transaction to which the Federal Government is not a party; or (2) administrative simplification. (c) REPEALER- Any provision of Federal law enacted before, on, or after the date of the enactment of this Act that is inconsistent with subsection (a) or (b) is repealed, including sections 1173(b) and 1177(a)(1) of the Social Security Act (42 U.S.C. 1320d-2(b); 42 U.S.C.

1320d-6(a)(1)). (d) DEFINITIONS- For purposes of this section: (1)AGENCY. The term ‘agency’ means any of

the following:

Save Your Identity

(A) An Executive agency (as defined in section 105 of title 5, United States Code). (B) A military department (as defined in section 102 of such title). (C) An agency in the executive branch of a State government. (D) An agency in the legislative branch of the Government of the United States or a State government. (E) An agency in the judicial branch of the Government of the United States or a State government. (2) STATE- The term ‘State’ means any of the several States, the District of Columbia, the Virgin Islands, the Commonwealth of Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, the Republic of the Marshall Islands, the Federated States of Micronesia, or the Republic of Palau. (e) EFFECTIVE DATE- The provisions of this section shall

take effect January 1, 2005. eS

As you can see, the Identity Theft Prevention Act of 2003 would eliminate the widespread misuse of Social Security numbers by returning the Social Security number to its original purpose of managing our Social Security accounts. This is exactly what the government promised when it first established Social Security numbers anyway. Despite the tremendous amount of good and the major benefit that would come from passing the Identity Theft Prevention Act of 2003 into law, there is, unfortunately, some opposition to this bill. This opposition is almost entirely from uncaring government bureaucrats and representatives of big business who use Social Security numbers for tracking and accounting purposes.They point out that passage of this bill would require them to assign new

Factors Contributing to Identity Theft

account numbers, which would entail additional work on the part of their agency or business. While this may be true, the advantages of preventing identity theft and the billions of dollars in annual loss from this crime far outweigh any additional cost or work that might be associated with using our Social Security numbers only for the purpose for which they were originally established.

FALSE DRIVER'S LICENSES AND IDENTITY DOCUMENTS For much of the identity thief’s criminal activity, photo ID is necessary. When he wants to cash a check (or make a purchase using a personal check), he will likely be asked for photo ID. He will need a photo ID in order to open accounts at a bank. He will certainly be asked for photo ID when applying for a loan. Unfortunately, the people asking him for photo ID are almost never qualified as document examiners. The local bartender is probably much more adept than the local bank teller at spotting a fake ID. The bartender expects a number of underage kids to attempt to get him to serve them a drink throughout the year. The kid trying to buy beer with a fake ID is so common that it has become a cliché. However, the 40-year-old woman

opening

an account at the local bank is seldom thought of as likely to be in possession of a fake ID. It is fairly easy to obtain a passable fake ID through the mail and even easier, using your home computer and a high-quality printer, to produce fake ID that will fool almost anyone.Although I have no direct association with any of the following companies, they may serve as examples of places where one could purchase a good-quality fake ID.

°

°

www.phonyid.com—This company, located in Sweden, produces a high-quality ID that bears a very close resemblance to U.S. driver’s licenses. www.novelty-ids.com—This company produces a very believable ID. Although the ID cards do not copy

Save Your Identity

°

the appearance of actual state driver’s licenses and identification cards, they would easily pass inspection unless the person doing the checking has an ID checking guide or knows what a specific state’s driver’s license is supposed to look like. www.qualityids.;com—This company, located in Germany, provides a high-quality ID that is a close match to the driver’s licenses issued by each of the 50 states, as well as Social Security cards and secondary ID cards.

There are many other companies that sell fake/novelty ID cards and supporting documentation. Searching the Internet with terms like “fake ID” and “novelty ID” will provide you with hundreds of links. Of course, many of these sites offer products that are little better than useless as part of an identity theft scam, but as we have seen, there are other sites that offer ID and products that are highly effective. If you have a home computer and a good printer, it is also possible to produce quality fake ID right at home. There are several books available that take you step-by-step through the process. In 1996 Ragnar Benson wrote the book Acquiring New ID: How to Easily Use the Latest Computer Technology to Drop Out, Start Over, and Get On with Your Life (Paladin Press), a step-by-step guide to producing fake ID at home. Five years later, Sheldon Charrett, haying seen the advances in computer and printing technology, wrote Secrets of a Back-Alley ID Man: Fake ID Construction Techniques of the Underground (Paladin Press). These books and many others like them provide detailed instruction on producing ID that will pass all but the most detailed inspection. It is not my intent here to give detailed instructions on the construction of fake ID but rather to point out the ease with which an identity thief can produce a fake ID in your name once he obtains your personal identity information. I will, however, provide a brief overview of how construction of a fake ID might be accomplished.

Factors Contributing to Identity Theft

First, the thief will need to get a template for your fake ID. This is not a major problem, since the designs of all state ID cards and driver’s licenses are published in books like ID Checking Guide (www.driverslicenseguide.com). The advertising for this guide promises “Every valid driver’s license format shown in actual size and full color, so no ‘con artist’ can fool you (all 50 states and 10 Canadian provinces, too.)” The ID Checking Guide is a very useful tool for comparing the format of stateissued ID cards and driver’s licenses with something being presented as an issued ID. It is also exactly what the identity thief needs to scan ID formats into his home computer for the purpose of creating fake ID. It is especially interesting to note that if someone uses the ID Checking Guide to check an ID made by scanning a format from the ID Checking Guide itself, the scanned version will be a very good match. After scanning the template into the computer, the identity thief fills in the blanks on the ID card with your personal identifying information. The addition of a passport-type or digital photo of the identity thief links his face with your identity.A few finishing touches, such as holograms, lamination, and authorizing signatures, and the identity thief has an ID in your name. I have tried the techniques for making fake ID detailed in the above-listed books and was able to produce a convincing ID in an hour or two. The fakes were not perfect by any means, but they were certainly good enough to cash your checks or open accounts in your name. Remember, people tend to believe what they see. Unless there is a good reason to question what we are being shown and told, we tend to accept things at face value. When an identity thief presents fake ID, the person checking that ID will most likely accept it as valid. The trick, of course, is not to give that person a good reason to question what he is being shown. If the ID presented appears to be professionally produced and there are no obvious errors, such as misspellings, ink smudges, or a blatant mismatch to the person presenting it (e.g., a 22-year-old white

Save Your Identity

woman presenting the ID of a 65-year-old black man), it will almost always be accepted. If someone were to attempt to verify the ID presented, it is very likely that the validity would be confirmed. Remember, the identity thief has not simply made up information to fill in the blanks of his fake ID—he has filled in the blanks with your personal identifying information. Ifyou call your state department of motor vehicles (DMV) to verify the validity of a driver’s license,

you will be asked to provide the driver’s license number, the name on the license, and perhaps the date of birth from the license.The DMV will then confirm that this information matches what is in its database. The police might not even question the validity of a license that comes back verified when they run it through their computer system. While writing this book, I spoke with a couple of patrol officers from the state police and asked them if they are generally on the lookout for fake ID during their official contacts with people (e.g., during traffic stops). The officers explained that while they are certainly aware of the possibility of being presented with fake ID, it is not something that is on the top of their list to check during a contact. Many perfectly valid licenses are not in great condition anyway after they have been carried around in a wallet or pocket for a couple of years. Furthermore, police officers are not necessarily any more aware of the design and format of a license from another state than you or I are. Both police officers confirmed that as long as their contact was the result of a minor traffic infraction or some petty offense, and the

computer verified what was being presented on the license (the fake ID), they probably wouldn’t question its validity. Again, people will generally believe what they see and hear unless given a specific reason to believe it is false. It is essential that you safeguard your personal information, or it may end up on the fake ID of an identity thief.

Credit Bureaus, Private Investigators, and Information Brokers “Possibly the most systematic security threat to American consumers is ‘identity theft, which usually involves insider abuse of credit bureau databases.” —News from the Office of the Privacy Commissioner (New Zealand)

Issue No. 21, January 1998 The

major

credit

bureaus,

or

credit reporting agencies, gather extensive information about the financial activities of millions of indi-

viduals. The stated purpose of this is to provide credit grantors with a means of determining, on the basis of credit

history, the creditworthi-

ness of anyone applying for credit. This is a fairly reasonable concept— helping credit grantors avoid losses by enabling them to extend major

Identity Theft lines of credit to only those individuals who have shown that they pay their debts in a timely manner. The credit bureaus gather financial information about you from many sources, including banks, credit unions, and credit card

companies. These types of businesses, known as automatic subscribers, report to the credit bureaus on a monthly basis regarding your payment history. In return, these subscribers can obtain reports from the credit bureaus at a discount. In addition, utility companies, medical facilities, insurance companies, and many

other businesses that extend any type of credit or financing report information to the credit bureaus.These businesses may not report regular payment histories; rather, they only file reports when payments are severely overdue, collection action has been taken, or

the debt is written off as bad or uncollectible.The credit bureaus also obtain information from public records, such as bankruptcies, tax liens, garnishments, and various other court orders and judgments.The compilation of these reports and records into specific files about individuals provides a fairly extensive Gf not always accurate) overview of their financial habits. One problem with credit bureau reporting is that it is often inaccurate.An 18 December 2002 CBSNews.com report stated, “A study by advocacy groups suggest that many [credit reports] have errors or omissions that can hurt your chances of getting a good interest rate on a loan.... More than a third of consumers

could be hurt by the discrepancies, the groups claim.” With the credit reporting agencies adding hundreds of thousands of new

pieces of information to their databases every month, it is inevitable that errors and omissions will occur. Unfortunately, the credit reporting agencies make no significant effort to prevent or correct these errors (if they did, a third of their records would not contain discrepancies). Furthermore, the lack of screening of

credit reports for accuracy is what enables many things that an identity thief does to go unnoticed and uncorrected until a consumer’s credit rating has incurred significant damage. An additional concern is the unauthorized dissemination of

Credit Bureaus, Private Investigators, and Information Brokers

information from your credit reports. This problem arises when the credit bureaus release information that is used for purposes other than establishing your creditworthiness to potential credit grantors with whom you have initiated a transaction. The credit bureaus have found that their databases, containing private financial information about millions of individuals, are a valuable com-

modity in and of themselves. They sell information about the creditworthiness of consumers to private investigators, informa-

tion brokers, companies

doing financial prescreening for mar-

keting purposes, government agencies, and many others. The credit bureaus are private companies seeking to make a profit. This means that they will sell information about you to anyone who has a permissible use for that information, as defined by the Fair Credit Reporting Act (Section 604): er

§ 604. Permissible purposes of reports (a) IN GENERAL.-Subject to subsection (c), any consumer

reporting agency may furnish a consumer report under the following circumstances and no other: (1) In response to the order of a court having

jurisdiction to issue such an order, or a subpoena issued in connection with proceedings before a Federal grand jury. (2) In accordance with the written instructions of

the consumer to whom it relates. {{2-28-03 p. 6605}} (3) To a person which it has reason to believe(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer; or (B) intends to use the information for

Save Your Identity

employment purposes; or (C) intends to use the information in

connection with the underwriting of insurance involving the consumer; or

(D) intends to use the information in

connection with a determination of the consumer’s eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status; or (E) intends to use the information, as a potential investor or servicer, or current insurer, in connection with a valuation of,

or an assessment of the credit or prepayment risks associated with, an existing credit obligation; or (F) otherwise has a legitimate business need for the information(i) in connection with a business

transaction that is initiated by the consumer; or Gi) to review an account to

determine whether the consumer continues to meet the terms of the account. (4) In response to a request by the head of a State or local child support enforcement agency (or a State or local government official authorized by the head of such an agency), if the person making the request certifies to the consumer reporting agency that(A) the consumer report is needed for the

purpose of establishing an individual’s capacity to make child support payments or determining the appropriate level of such payments;

oO

Credit Bureaus, Private Investigators, and Information Brokers

(B) the paternity of the consumer for the child to which the obligation relates has been established or acknowledged by the consumer in accordance with State laws under which the obligation arises (if required by those laws); (C) the person has provided at least 10 days’ prior notice to the consumer whose report is requested, by certified or registered mail to the last known address of the consumer, that the

report will be requested; and (D) the consumer report will be kept confidential, will be used solely for a purpose described in subparagraph (A), and will not be

used in connection with any other civil, administrative, or criminal proceeding, or for

any other purpose.

we In addition to being collected by the credit bureaus, your personal information is also sought by private investigators and information brokers. Private investigators range from individuals with little or no training to some of the very best qualified investigators in the world. Along this same line, private investigators have codes of conduct and ethical standards ranging from none at all to some of the highest professional ethics you will find in any business. Unfortunately, highly skilled does not always mean highly ethical. It takes little effort to find stories of private investigators conducting investigations for and providing information to individuals who used that information for criminal purposes. Even when private investigators and information brokers run legitimate businesses and provide a valuable service to the public (which most in fact do), they have very little control over how the information they provide is actually used. An extreme example of the misuse of information provided

Save Your Identity

by these investigators can be found in the case of the murder of Rebecca Schaeffer, the star of the TV series My Sister Sam.A fan

infatuated with Schaeffer hired a private investigator to obtain personal identifying information about her. The fan (Robert Bardo) obtained Schaeffer’s home address from the private inves-

tigator and in July 1989 went to her home and shot her to death. In a very similar case, Amy Boyer was murdered by Liam Youens,

who

used

the

services

of

information

broker

DocuSearch to obtain Boyer’s Social Security number. He then used the services of a private investigator, who made a pretext call to Boyer, posing as a representative of her insurance company who needed to confirm her employment information. Boyer, believing that she was dealing with a representative of her insurance company, provided details of her employment, including her work

location. This information

was

sold to Liam Youens,

who then used it to locate Boyer and murder her. Admittedly, the use of private investigators and information brokers to obtain information about an individual and thereafter use it to plan that person’s murder is an extreme (although not particularly rare) example. However, the information provided by private investigators and information brokers can also be used to commit the crime of identity theft.An information broker gathers data from public and nonpublic records, compiling that information into searchable databases and selling reports from those databases to various clients.An information broker may work with national and international systems of records or may focus on a specific state or region. I know an investigator/information broker who makes a particular effort to collect information from various state and local public, semipublic, and private records and compile it into extensive databases. Using database linking and analysis software, she is able to discover extensive background information about individuals, determine associations, and predict

possibilities with uncanny accuracy. She of course has the standard databases of telephone

directories, tax rolls, voter regis-

Credit Bureaus, Private Investigators, and Information Brokers tration lists, and similar public records, but she also obtains

information that might be considered only semipublic or even private. For example, current federal law mandates that in order to obtain any type of government license or benefit one must disclose one’s Social Security number to the agency providing that license or benefit (including state agencies).This includes

such things as marriage licenses. Applications for a marriage license in the state where this investigator works now require that both parties to the license include their Social Security numbers on the application. The state involved here doesn’t print the Social Security numbers on the marriage license itself,

but the applications are filed in the state archives, where they are accessible to my friend the investigator (and pretty much anyone else who knows what to ask for). The state is mandating the disclosure of what is clearly personal and private information and then filing this information where it may be accessed by the general public! Along this same line, consider voter registration records— which by their very nature should be public. Voter registration information contains not only the names and addresses of registered voters but may contain private information such as unlisted telephone numbers or even the key to identity theft, Social Security numbers. (Social Security numbers were required on voter registration records in Virginia until the 4th U.S. Circuit Court struck the policy down.)

The investigator I mention here works in only two states and limits her collection of information to the states in which she works. There are, however, major companies that gather public,

semipublic, and private information on a national basis, store it in databases, and sell it in reports to their clients.

The major information brokers in the United States are members

of

the

Individual

Reference

Services

Group

(IRSG)

These few private corporations (along with the (www.irsg.org). three major credit bureaus) gather personal data about millions

of Americans and then use that information as a commodity that

oO

Save Your Identity

they buy, sell, and trade in the name of corporate profit. (It should be noted that while the following individual companies are all currently in business, the IRSG may be phased out because of passage of the Financial Services Modernization Act, or Gramm-Leach-Bliley Act, and other recent legislation.) Acxiom Corporation 301 Industrial Blvd., HQB2

Conway,AR 72033 ChoicePoint, Inc. 1000 Alderman Dr. Alpharetta, GA 30005

DCS Information Systems 500 North Central Suite 280

Plano, TX 75074

Dolan Media Company 1650 Park Building 650 3rd Avenue South Minneapolis, MN 55402 First Data Solutions Inc. 10825 Old Mill Road

Omaha, NE 68154 LEXIS-NEXIS 1150 18th Street, NW Suite 600

Washington, DC 20036

©

Credit Bureaus, Private Investigators, and Information Brokers

LocatePlus.com 100 Cummings Center, Suite 235M

Beverly, MA 01915 Online Professional Electronic Network (OPEN) 1650 Lake Shore Dr., Suite 350 Columbus, OH 43204

Stanton Corp. dba Pinkerton Services Group, Inc. 13950 Ballantyne Corporate Place Suite 300 Charlotte, NC 28277-2712

United Reporting Publishing Corp. PO. Box 1967 Rancho Cordova, CA 95741-1967 US Search.com Inc. 5401 Beethoven St.

Los Angeles, CA 90066 West Group

610 Opperman Dr. Eagan, MN 55123 One of the major problems created by these information brokers’ gathering and selling of information on a nationwide basis is that it can provide an identity thief with information to which he would otherwise not be able to gain access.The brokers claim

that they are only providing information available from public records, that the identity thief could gather such information himself, or that they are only providing information obtained from third-party providers. While this may be technically true, information brokers make it much easier for criminals to access this type of information.

Save Your Identity

It’s important to understand that even (or especially) information contained in public records can help an identity thief gain access

to your

accounts

and

assume

your

identity. For

example, many banks and other companies that establish accounts for customers will ask that you provide your mother’s maiden name as a way for them to confirm your identity later if you make inquiries about your account. Remember, they are not using your mother’s maiden name to confirm your identity at the time you establish the account but will use it as a future check dike a password) should you call with an inquiry about the account at some later date. The problem with this is that your mother’s maiden name is contained in public records. Your mother’s maiden name

is on your birth certificate, and birth certifi-

cates are public record. In many cases private information contained in public records (e.g., marriage license applications, voter registration cards, driver’s licenses) is put there voluntarily by individuals (who may not know that it can be omitted). In other cases, as with Social Security numbers, it may be mandated. When companies gather records from across the nation and compile them into databases, thereafter selling reports from these databases, they make the work of an identity thief that much easier. I certainly do not want to imply that these investigators and information brokers are doing anything illegal. They are providing a service and acting within the letter of the law. (The best of these companies will even allow you to opt out of their reporting of private information.) Nonetheless, the lack of extensive security procedures

to ensure accuracy and restrict access to these databases poses a very real threat to those whose names are contained therein. I believe any company that gathers, compiles, or sells personal and private information should allow anyone identified in its records to opt out of the sharing of his or her nonpublic data, and furthermore should restrict access to its accumulated public records—or at least be required to notify the individual involved any time it discloses information about him to a third party from

oO

Credit Bureaus, Private Investigators, and Information Brokers

these databases. An identity thief can use the services of investigators and information brokers as easily as those with a legitimate need and lawful use for the information they provide. The following is the opt-out policy of US Search, as presented on its Web site (www.ussearch.com) in April 2003:

US Search accesses numerous third party databases to gather information for our reports. We do not maintain the databases used in our searches; rather we

access separately maintained third party databases to collect information for the reports we provide. If you would like to remove yourself from US Search reports you can do so by joining US Search’s opt-out program. The opt-out program covers reports that contain non-public record information (sources like information compiled from magazine subscriptions) that is available for sale to the general public. US Search will use good faith efforts to help prevent your non-public record information from being distributed. We cannot provide any assurance that information that is otherwise public record information, such as court records, will be withheld. If you would like to be included in our opt-out program, you should contact us by mailing a signed request with the following information: your full name, e-mail address, mailing address, social security number, date of birth, past

addresses and aliases to: US Search.com Inc. Opt-Out Program 5401 Beethoven Street Los Angeles, CA 90066

Unfortunately, other such companies do not provide any means for you to opt out of their selling of your nonpublic infor-

Save Your Identity

mation. They simply gather information from whatever records they may be able to access, compile it in a database, and sell it to whoever wants to buy it. Because of these information brokers and thousands of smaller companies engaged in the same type of business, I recommend that anyone concerned about the crime of identity theft make a special effort to ensure that his or her personal information is contained in as few accessible databases as possible. Whenever an agency or business gives you the option of restricting access to information about you contained in its records or of opting out of the sharing of that information, I recommend that you take advantage of these opportunities to protect your personal privacy and safeguard yourself against the crime of identity theft.

Take Control of How Your Private Financial Information Is Stored and Used Early detection of identity theft is important to minimize the damage caused by the criminal who is using your personal and private information to commit his crimes. As mentioned previously, too often, the victim of identity theft is unaware that he has been victimized until several months or perhaps even a couple of years have passed. The identity thief is using your identity, opening accounts and accruing charges in your name, and you will probably remain completely unaware of his activities until you are denied credit or contacted by a bill collector demanding payment on these bad debts.

CHECK YOUR CREDIT REPORTS One of the best ways to keep track of what’s going on with your

oO

Save Your Identity

credit imum, major better,

is to review your credit reports on a regular basis.At a minyou should order a copy of your credit reports from the credit reporting agencies once per year. Twice per year is and quarterly is the best option (although this can cost

you up to $96 per year). It is important to obtain a report from each of the three major credit reporting agencies—Equifax, Experian, and TransUnion—because there may be information contained in one of these reports that is not in the others. Credit reports can be ordered conveniently online via the following Web sites:

Equifax www.equifax.com TransUnion www.transunion.com

Experian www.experian.com

Once you have a copy of your credit reports in hand, review each one carefully for accuracy and completeness. First and most importantly, make sure that every account listed on your credit report is one that you actually established.An account listed on your credit report that you do not recognize is a danger signal. It may be a simple error on the part of the credit reporting agency (and they make a bunch of them), or it may be that someone is using your name and personal identifying information to obtain credit and establish accounts in your name.

The next step is to make sure that any accounts listed as current/open are ones that you are actually using. That department store charge card that you applied for to get “15 percent off today’s purchase” and that you used only once around Christmas two years ago may still be listed as an open account. You may have cut up the charge card and forgotten all about it, but the

Take Control of How Your Private Financial Information Is Stored and Used

account is being carried as open by the department store and reported as such on your credit reports. An identity thief could take over this account and use it without your knowledge. If there are open accounts listed on your credit report that you are not using, close them. Simply call or send a letter to the business where you established the account and request that the account be closed. Finally, look at the inquiries section of your credit report. Who has obtained information about you from your credit reports? Obviously if you have applied for credit, taken out a loan, or perhaps interviewed for a new job, there will be inquiries because your credit report is checked as a part of approving your credit or loan application or hiring you at your new job. However, you should be very aware of any inquiries on your credit report that are not the result of an action you have taken. \fyou are not in the market for a new car, you should not see credit inquiries from an automobile dealership. Likewise, if you’re not purchasing a new Rolex watch or diamond ring, inquiries on your credit report from the Fly-by-Night Jewelry Company should serve as a warning. Many companies that sell expensive products (e.g., automobile dealers) routinely run credit reports before making a sale.

This makes perfect sense—they want to establish your creditworthiness before you drive away in a $40,000 vehicle. There is a problem only when your credit reports are being looked at by businesses with which you have no direct association. Remember, identity thieves have day jobs too ...and may be working as used car sales reps. You may find several inquiries on your credit report from companies with which you have no association because the major credit bureaus sell your personal financial information to companies that want to offer you credit.Although you may have never heard of these companies and have no interest in obtaining an additional credit card, your credit information was sold to

them as part of a marketing scheme. Fortunately, however, there

Save Your Identity

is a way to opt out of the selling of your private financial information and to limit the risk of identity theft associated with the disclosure of this information.

OPT OUT OF CREDIT PRESCREENING: 1-888-5-OPT-OUT When companies with which you have no association whatsoever buy your personal information from the major credit bureaus, they do so for the purpose of credit prescreening. Basically, how it works is that a company wanting to market its credit services to a group of people contacts a credit bureau to buy a list of prescreened potential customers. So Company X asks the credit bureau for a list of individuals living in, say, Los Angeles, all of whom make at least $50,000 per year, have at least

one major credit card, and are married. The credit bureau consults its vast databases, puts together a list of people who meet these criteria and sells this list to Company X. Company X gives this list to its marketing department, which

sends an offer for

preapproved credit to all the names on the list. If you have received an offer for a preapproved credit card, refinanced mortgage, or anything else along these lines in the mail, it is likely that preapproval was obtained by screening the private financial information contained in your credit reports. If you don’t want Company X obtaining information from your credit reports without your knowledge or permission, there is something you can do about it. You can opt out of this prescreening. That way, when Company X requests a list of people meeting certain conditions, your information won’t be sold for use in its marketing scheme, even if you meet all of the conditions it is looking for.All you need to do to opt out is call the special toll-free number set up by the credit bureaus for this purpose: 1-888-5-OPT-OUT (1-888-567-8688). This is an automated service. You leave your identifying information, and the credit bureaus remove you from their prescreening lists. As a step toward preventing identity theft, I strongly recom-

Take Control of How Your Private Financial Information Is Stored and Used

mend that you take advantage of this free service. Besides the fact that the credit bureaus probably shouldn’t be selling your personal information to companies with which you have no direct association, stopping these preapproved credit offers takes a tool away from the identity thief.Too often we view these offers as junk mail (which they are) and simply throw them away. But these offers are gold to an identity thief.An identity thief who gets his hands on one can complete the application with your information and his address and then sit back and await the arrival of his new credit card—in your name. Many of these offers for new credit cards come with three or four checks attached to the application so that you will have immediate access to your newly established line of credit. A criminal who finds this preapproved credit offer and associated checks, which you have tossed out as junk mail, can simply begin a bit of forgery in your name. There is no disadvantage to opting out of this prescreening. If you decide you want to apply for credit with Company X, you can always submit an application. If you were approved in the prescreening, you will be approved when you submit an application yourself. The difference is, when you submit an application to Company X, you are making the conscious choice to disclose your personal information.

ADD A FRAUD ALERT TO YOUR CREDIT REPORT A fraud alert is a notice placed in your credit reports to alert credit grantors that you may be the victim of identity theft or fraud. Its purpose is to cause any credit grantor to obtain additional information to verify that requests for credit have actually come from you.This is normally accomplished by including your home telephone number in the fraud alert with the instruction that the credit grantor must obtain authorization from you by calling the telephone number provided before establishing any new

account.

Save Your Identity

You do not need to wait until you have actually been victimized and suffered a major loss before placing a fraud alert on your credit reports. If you believe there is the potential of becoming the victim of an identity thief (remember, identity theft is one of the fastest growing crimes in America today) you should take this precaution. You simply need to contact the major credit bureaus listed below and instruct each one to place a fraud alert on your file.

Equifax Consumer Fraud Division PO. Box 740256 Atlanta, GA 30374 www.equifax.com TransUnion Fraud Victim Assistance Department

PO. Box 6790 Fullerton, CA 92834 www.transunion.com

Experian National Consumer Assistance

P.O. Box 9530 Allen,TX 75013 www.experian.com

Prior to granting credit, most credit grantors will conduct a credit check on the applicant; however, they will not necessarily

request a report from all three credit bureaus. It is thus important to have the fraud alert placed on each of your credit reports so that any potential credit grantor will see it. This is a simple procedure that takes about five minutes (after you actually get connected to a real person) with each credit bureau and is a significant step in protecting yourself from identity theft. The rep-

Take Control of How Your Private Financial Information Is Stored and Used

resentative you speak with will ask you to answer some verifying questions (to prove you are who you say you are) and will then place the fraud alert on your credit file. Is there any potential downside to having a fraud alert on your credit reports? Well, first it is important to understand that there is no law that requires a credit grantor to pay attention to a fraud alert. Fraud alerts can be and have been ignored by credit grantors. However, in the vast majority of cases a credit grantor will pay careful attention to a fraud alert.After all, it is in the credit grantor’s interest to ensure that credit is being granted to the right person. It is also important to understand that a fraud alert on your credit reports will limit your ability to gain “instant credit.” Filling out that application for instant credit at the Acme Computer and Electronics Store, waiting while they do an online credit check,

and then walking out with that new computer and no until 2014 just won’t happen. Remember, a fraud alert that any creditor is supposed to contact you at the number you have provided in the alert before granting

payments stipulates telephone credit. On

the other hand, the fraud alert will prevent an identity thief from

applying for that same instant credit in your name, walking out with that new computer, and leaving you to explain what happened when it comes time to make those payments.

CALIFORNIA RESIDENTS: FREEZE YOUR BUREAU REPORT A new California law, SB-168 (see Chapter 9), goes a long way toward allowing California residents to protect the content of their consumer

credit files (credit reports) from disclosure. SB-

168 does several things to tity theft, but one of the place a “security freeze” freeze is much more than

protect California residents from idenbest things it does is enable them to on their credit reports. The security a fraud alert.A fraud alert still allows

your credit report (containing the alert notice) to be released.

The security freeze prevents disclosure

of your credit report

Save Your Identity

itself. This means that your credit report is locked. It is frozen, and no information contained in it will be disclosed to anyone unless you specifically instruct the credit bureau to release it. (To allow access to your credit file, you will need to provide the credit bureau with proper identification, identify a password established by the credit bureau when the security freeze was placed, and specifically identify the third party to whom your credit information is to be released.)

Consumers should have a direct say regarding when and to whom their personal financial information is disclosed, and they should be able to prevent any disclosure of that information should they choose to do so. SB-168 allows California residents to take back control of their credit reports. Each of the credit bureaus has slightly different procedures for placing a security freeze on the credit report of a California resident, and each charges a fee to do so. At the time this portion

of SB-168 went into effect, the fee ranged from $12 to $59.95

(Equifax — $12,TransUnion — $29.95, Experian — $59.95). In short, however, it’s simply a matter of contacting each of the credit bureaus, providing them with your California address,

instructing them to apply a security freeze to your account, and, of course, paying the associated fee. The benefits of placing a security freeze on your credit reports are obvious. No identity thief will be able to establish any type of major account in your name because no credit check can be performed in order to set up the account. Furthermore, it gives you absolute control over who gains access to your credit reports. But is there any downside to taking this precaution? Placing a security freeze on your credit reports will result in the same basic problem as putting a fraud alert on your credit reports: you will limit your access to “instant credit” based on a quick online credit check. Beyond this, however, there is no real

downside. Should you wish to allow access to your credit reports, the law provides that the credit bureaus must grant access to whomever you have instructed them to within three

Vee Contr oftow ‘Yow Private Finaanial tetorsvation |: Stored and Uned Gays. So £ you plan to buy 2 new automobile, obtain 2 mortgage to purchase 2 home, or rinance 2 current account, the compaiy necGing acces to your credit information can gain said access

giKthy once you give your permission. However, an identity thie even knowing sgnificamt personal information about you, wih act be whe to gin access to your cred reports or allow oth st

ds & in onder | exabiioh fraudulent accounts.

in sthiition, SBA

provides some general protections for

CMhoarnia reves. Specifically, 2 prohibits publicly posting or tepfaring, tA Seaxity numbers, printing Social Security numbers on identifies cards, printing Social Security numbers on documents sem through the mail unless required by law or in spins tin employment of CreGi, and requiring 4 person to team his on her Social Security number via an unencrypted

internet connection. in short, S$B-166 tries to restrict the massive and uncomrtled use A Social Security numbers and protect (sihonmsa renens from the threat amociated therewith.

in this author's opinion, SB-168 (while perhaps not allencomputing) a tciinticly 2 dep in the right direction in the effort to praca (inna resdems aguine identity theft and associated cranesUfyou ae nn 2 resem ff California, you should encourth yon

wn

tae leggonme to shorn 2 similar law.

IDUOKE THE FINANCIAL SERUICES MODERNIZATION ACT (GRAMM-LEACH-BLILEY ACT) in shiitjon to the creda bureaus sciling your personal finan CA thomoton, your Grancil instiutions (banks, creda unions, javessmment fms) ae Going the same thing As part of their mar-

keting «hemes, they are xing information shout ther customers

to then Hiliaes 22 WA os ts Comnphetcty unaffiliated companies. if you beieve that your financial institutions have 2 duty to

prac

yous privacy, to saleguard your financial interest within

, to take ne actions that would put the terms A your sccountand you a tk A entity thet, fraud, or other financial crimes, 1 cer

Save Your Identity

tainly agree with you. Unfortunately, your bank does not. Financial institutions have found that they can make money by selling your private information, and they do just that.The problem became so bad that the federal government finally stepped in. Because of the risks posed to consumers by the blatant disclosure of their private financial information, Congress passed the

Financial Services Modernization Act, or the Gramm-Leach-Bliley Act. It required all financial institutions to notify their customers of their rights under this law prior to July 2001. Most of them did this with a flyer included with your monthly bill along with the

ads for current mortgage rates and new car loans. In this way, you were informed of your right to tell your financial institution that you did not want it to sell your private financial information (i.e., that you could opt out). If you did not exercise this right, however, financial institutions were free to continue selling it. Thankfully, the law allows you to opt out at any time.To do so, you simply need to instruct your financial institutions to stop selling and sharing your personal financial information as required under the law. It is very important to understand that the Financial Services Modernization Act is not specifically a privacy law. It is a financial services law that contains a privacy provision within its text. The act actually removed some of the barriers to the sharing of your private personal and financial information among banks,

insurance companies, and the like. You can use the provisions of the law to limit disclosure of your private information, but you must take specific steps to do so. It is essential that you contact all of your financial service institutions and inform them that you do not want them selling or sharing your private information with others. Simply send the following letter to each of them:

Take Control of How Your Private Financial Information Is Stored and Used Date Your Name

Your Address

Financial

Institution Name Investment Broker, etc.)

(Bank,

Credit

Card,

Credit

Union,

Financial Institution Address

RE: Account Number(s) Dear Sir or Madam:

I am submitting the following instructions with regard to my account(s) and your information sharing and sales policies: In accordance with the provisions of the Financial Services Modernization Act (Gramm-Leach-Bliley Act) allowing me to opt out

of any sharing or selling of my personal information, I direct you NOT to share any of my personal identifiable information with nonaffiliated third-party companies or individuals. I further direct you NOT to share nonpublic personal information about me with affiliated companies or individuals. In accordance with the Fair Credit Reporting Act, allowing me to opt out of sharing of information about my creditworthiness, I direct you NOT to share information about my creditworthiness with any affiliate of your company. I do NOT wish to receive marketing offers from you or your affiliates. Please immediately remove my name from all marketing lists and databases. Thank you for your assistance in this matter and for taking steps to protect the privacy of your customers. I request that you acknowledge receipt of these instructions and your intention to comply with my request for privacy of my personal, financial and other information by return mail. Sincerely, Your Signature Your Name Pea

.

oe

¥

beh

oF

age



Ae

aa

ee

- Ce or

aey

ee

:

7

:

ee

————

7

°

hed

——

mitepgnids a soe ag ary —s ee Ne se ee i ete osOgee “ii non Vane tk oe a er eras sai .

Fe

cee eee

(i

Selle A

gp

eg

EP ——

a

©

=

a

a